Talk:CheckUser policy/Archive 4

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
Archive This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

checkuser in user log

Currently use of checkuser is not logged anywhere. It should be logged somewhere similar to logs of moving/uploading/blocking/protecting. For example: "User:XYZ checked user User:ABC." This would bring in transparency, and protect privacy. It would be a not so difficult technical task to make it work. Thanks. Phantom 34323 06:46, 26 November 2007 (UTC)

It is logged, but the logs are only available to checkusers for privacy reasons (which trump transparency). John Reaves (talk) 06:56, 26 November 2007 (UTC)
Every checkuser action in logeed privately. The log is visible for everybody with that permission, but not to general public due to privacy policy. Open log would make it easy to make corellations like "first they checked this user, one minute later they checked that IP. Guess whose IP it is?". Publishing username checks only is no less bad idea, as it would allow people to make usubstaintiated assumptions of bad faith like "he was checked, probably he has something to hide". MaxSem(Han shot first!) 06:58, 26 November 2007 (UTC)
Oh this is cool, and importantly very fair, IMO. Thanks for the info, and this info should be mentioned in policy page (if its not there already). Wikimedia is so much alive :) Phantom 34323 07:15, 26 November 2007 (UTC)
It is already there in policy page. Phantom 34323 04:57, 27 November 2007 (UTC)

Autoblock procedure

Unblocking of an autoblock needs to disclose one's ip address. Is it a necessary or just "list of autoblock #s" enough? I think this is important in view of privacy policy.. Thanks. Phantom 34323 04:57, 27 November 2007 (UTC)

(belated) You can unblock an autoblock by using the autoblock number (unblock #32623 for instance). The IP isn't necessary. Kylu 17:02, 10 July 2008 (UTC)

needing clarification

Hello, I'm trying to find out whether the change of the statements below is official, as the discussion above seems somewhat unsettled, and most translated versions of the policy have not reflected this change yet:

Even if the user is committing abuse, it's best not to reveal personal information if possible.

  • Generally, do not reveal IPs. Only give information such as same network/not same network or similar. If detailed information is provided, make sure the person you are giving it to is a trusted person and will not reveal it himself.
  • If the user has said they're from somewhere and the IP confirms it, it's not releasing private information to confirm it if needed.
  • If they're on a large national or international ISP (e.g. AOL, NTL, BT, Telstra) where they're one of millions of users, saying so is unlikely to be personally identifiable.
  • Revealing the country is generally not personally identifiable (e.g. "User:Querulous is coming in from the UK, User:Sockpuppet is coming in from Canada").
  • If you're in any doubt, give no detail.

was changed to

Even if the user is committing abuse, it's best not to reveal personal information if possible.

  • Generally, do not reveal IPs. Only give information such as same network/not same network or similar. If detailed information is provided, make sure the person you are giving it to is a trusted person and will not reveal it himself.
  • If the user has said they're from somewhere and the IP confirms it, it's not releasing private information to confirm it if needed.
  • If you're in any doubt, give no detail.

If it is official, please confirm, so that the translated versions can be adjusted accordingly. Thank you for your attention.-- 22:28, 2 December 2007 (UTC)


Just a piece of question. How many votes do you have to get to have a checkuser on a Wikipedia with less than 15 quite active wikipedians about 5 to 8 of which are very active but three of which don't want to vote and remain neutral? We already have three votes for one and another two for the other in a local checkuser election here in the Tagalog Wikipedia. -- Felipe Aira 07:13, 23 December 2007 (UTC)

I believe the feeling is that if you are not able to get at least 25 votes, then your community is not active enough to need local checkusers. Feel free to request that stewards perform checkusers for you on Requests for CheckUser information. Cbrown1023 talk 12:50, 23 December 2007 (UTC)

Removal for inactivity

I think this part of the policy needs to be clarified. Does anyone have any suggestions about ways to tweak the wording to clarify whether the inactivity is related to the Checkuser tools or overall account inactivity. Also, do we need to add wording about if there is a duty for an Arbitration Committees, stewards, or the Community to investigate an Checkusers level of activity. FloNight 21:00, 3 January 2008 (UTC)

I think there is no need to connect this to inactivity as checkuser. Smaller wikis have a good chance to have few problems that need CU. Should anyone who is active as editor check random users in order to show checkuser activity? :-) Bináris 07:53, 6 January 2008 (UTC)

Any wiki which is that inactive probably doesn't need the CU in the first place; I'd be surprised if the requisite 25-30 votes could be mustered on a wiki which has no need for a CU over the course of a full year.  – Mike.lifeguard | @en.wb 21:41, 6 January 2008 (UTC)

There must be at least 2 CUs per wiki. I can easily imagine that one of them is a network sysop IRL and spends his/her day in front of the monitor and will complete all the requests before the other arrives. Should the other one removed for inactivity and elected a third one instead of him/her immediately in order to have the 2 CUs? :-) Bináris 09:26, 15 January 2008 (UTC)

I think this needs approaching with common sense on a per wiki basis. If you have ample CUs some of whom are completely inactive (the case on Commons) then the policy allows removal. In the case you use I hope the community would discuss the matter and certainly not lose CU access completely --Herby talk thyme 09:32, 15 January 2008 (UTC)
Just to be a thorn in the side of common wisdom, might I point out that there may be Wikimedia projects with two dozen or more active participants whose cultural background would encourage them to elect two local CUs ready to protect the project even if they hadn't had a single serious problem yet? Some cultures prefer establishing authorities in advance of problems instead of resisting authority unless a compelling need is demonstrated. Not everyone buys into the overarching principle of personal freedom and privacy that many Western cultures demand. And although one might expect that the use of a wiki would encourage people to think that way, I suspect most cultures are more resilient and flexible about sustaining what might appear to be contradictory beliefs to the Western mind. In other words, I'd be surprised if we don't have (or will soon have) projects that can summon 25-30 votes for local CUs with no urgent need, simply because they'd rather act proactively than wait to suffer the problems they hear about on other projects. ~ Jeff Q (talk) 03:07, 9 March 2008 (UTC)
I agree with Herby that this should be handled case by case. "10 edits or actions in a year" seems like a reasonable low bar for absolute activity. However each wiki should be able to set their own standard for activity, and to remove inactive CUs and elect new ones. The default global standard should probably be "edits and logged actions" not just logged actions, since there may be little cause to use the tool. SJ · talk | translate 13:11, 2 March 2011 (UTC)

Arbcoms vs. elections for CUs

Elian made this revision back in November. While it's apparently what de:wp does (?) I'm not sure it's actually official policy, is it? I became aware of this because of this w:Wikipedia talk:Requests for checkusership in which Majorly proposed elections and the en:wp arbcom reasserted the appointment process. This may be something to bring up at "rewriting" as well. ++Lar: t/c 06:51, 27 January 2008 (UTC)

Hmmm I am rather indifferent about this, and wonder if German Wikipedia just could choose a course to have their Arbcom say "yes" to existing CUs when their Arbcom was set up, but it introduce some ambiguity and better to have been discussed beforehand. I personally feel it would be better for us all to let each community decide if their Arbcom rules here or not, keeping the current flexibility, but anyway we need to discuss. (foundation-l perhaps?) --Aphaia 04:22, 28 January 2008 (UTC)
One of the pitfalls of this type of addition to policy without discussion is that the Community has no way of knowing about the change. The Wikipedia English Arbcom had no idea that the policy was changed. That is the reason that I'm pushing for a Wikicouncil to help review all the policies in an organized manner and make recommendations taking into account the needs of all the projects. As to the substance of the change, I think that we need to recognize that the needs of communities differ as well as the political dynamics that allow for changes to happen. For that reason, I think that we need to be as flexible as possible in allowing Communities to make decisions that keep their Community growing and thriving. FloNight 11:39, 28 January 2008 (UTC)
Just for clarification. On dewiki there is no policy for the appointment of Checkusers at all. Neither the checkusers themselves can appoint new collegues nor is the arbcom willing to do so. There must be a normal election just like for sysops and other people. --Thogo (talk) 11:43, 28 January 2008 (UTC)
Out of curiosity, who monitors the CU's activity to make sure that it falls within the activity level policy, or Foundation privacy policy, or other Community standards? FloNight 13:00, 28 January 2008 (UTC)
Every checkuser monitors the other checkusers, of course. --Thogo (talk) 13:03, 28 January 2008 (UTC)
So it is a self-monitoring system. As we appoint more CU on Wikipedia Englsih that are not on arbcom, I think we need to decide who is responsible for monitoring the CU. Since we are responsible for the appointments, we monitor the activity level to see the need for more appointments. We are also responsible for examining complaints of misuse as they relate to our policies. I wonder if any other communities do it differently than self monitoring and/or arbcom monitoring. Thanks for answering my questions as I try to sort this out. :-) FloNight 14:03, 28 January 2008 (UTC)
I thought the point of this section was to allow communities not large enough for an ArbCom to have CUs. If that's the case, then wikis with an ArbCom should have ArbCom appoint CUs, while wikis without an ArbCom will use the voting method. Is there some problem on dewikipedia that is solved by allowing an election despite there being an ArbCom?  – Mike.lifeguard | @en.wb 16:02, 28 January 2008 (UTC)
The role of an arbitration committee is dispute arbitration, not government; if some wikis want a reduced level of bureaucracy compared to the English Wikipedia, I really don't see a problem with letting them have regular elections instead. —{admin} Pathoschild 16:35:35, 28 January 2008 (UTC)
I am not opposed to that idea but I think it needs ratification by the Foundation Board, rather than just being changed by an edit with no prior discussion. The current process came from them. Because of privacy concerns, they may have reasons for wanting ArbCom involved if one exists. Or not... I agree that ArbComs are for problem resolution not governance, except that the Board has seen fit to give them some governance roles, and so has Jimbo directly (the en:wp IRC mandate being an example), whether they wanted them or not. ++Lar: t/c 17:06, 28 January 2008 (UTC)
Well yes, but my questions was really "What does the policy actually say on this point?" If it says that elections are for use where ArbCom doesn't exist, then we may want to change it. (As opposed to a change that went unnoticed for 2 months and is only now being discussed).  – Mike.lifeguard | @en.wb 17:09, 28 January 2008 (UTC)
The change is still there I think, last I checked. I'd advocate changing it back until it's clear that there is a mandate for the change. As an aside, I'm not sure I see how the WikiCouncil proposal would solve this issue. I am not sure that more talking shops without clear mandates would help matters, I suspect they would make things more confusing. This particular thing (CU permission granting) is one small policy that is not under the control of individual wikis. But most things are and I suspect most wikis like it that way and are not too keen on the idea of a vast new bureaucracy that will have authority over them. But I digress. ++Lar: t/c 17:21, 28 January 2008 (UTC)
We need to figure out a way to write policies that represent the needs of wiki of all sizes and types. What we are doing now will not scale. Having unstable versions of policies that are not regularly reviewed is problematic. Users that read a policy expect it to be an accurate statement of the actual policy and well thought out. Currently, no one is doing this work in a systematic timely manner. I suspect that elected representative that commit to doing research into the needs of the Global Community will have a better outcome than user(s) that makes changes based on their immediate thought. The step of forming a Wikicouncil to do some of these tasks for the Community meshes with the growth and maturity of the Foundation. Once all the work was done primarily by a volunteers. Hiring qualified staff is moving the Foundation forward. The Community need to find better ways to work with them. We need to figure out our needs so they can meet them better. FloNight 17:50, 28 January 2008 (UTC)
Mike, dewiki does actually have an arbcom, so there is no problem. If the foundation decides that only the arbcom can approve checkusers, we will do it this way, but until now we arbcom people didn't feel responsible for checkusers. I would wish a clarification of the foundation about this point in the policy. Otherwise I guess it's completely ok, if a community decides to elect their CUs like sysops/bureaucrats. --Thogo (talk) 18:01, 28 January 2008 (UTC)
Again, let's set the policy back the way the board had it. If de:wp arbcom wants to delegate the selection of CUs to the community, that's within their remit... they just say "we will have the community hold elections and after they are held, we submit the results as if we made the choice ourselves"... no need for policy change. As for the issue of the policy being changed, again, for this particular thing, no need for a big new bureaucracy... just put the policy on the wmfwiki, instead of here where it can be edited by just anyone that comes along. Maybe there is some need for a new 30(? ... 200 ?? ... whatever) person grand shiny new council to decide things but this isn't the thing that demonstrates that need as far as I can see. that would be way overkill for something that common sense sorts out easily. ++Lar: t/c 19:15, 28 January 2008 (UTC)

I support to change it back to the previous version of Elian's with a hope to update it reflecting all current situations. FloNight brought a good point: policy should cover all community needs. We have already two problematic cases which the original policy didn't consider, that is:

  1. A project which is too small to collect required 25 support but has an ArbCom, and their arbcom appoints Checkusers. (enwikinews case)
  2. A project which has been enough big to collect required 25 support but lacked their Arbcom until some time. Now they have an Arbcom and their CUs are not appointed by that Arbcom. The next CU should/can be elected by the community vote or should their Arbcom rule here now? (dewiki case, and predictably soon of many other wikis)

I think we are better to avoid "relying common sense" here. This policy was intended to be handled strictly, and we have seen what the common sense says are varied from the community to the community. While it doesn't directly concern the crucial part of this policy, say, privacy information handling, we are better to choose a way with the full precaution we can afford. --Aphaia 03:48, 29 January 2008 (UTC)

After reading a bit of the recent discussion, and some of the archived stuff, I think this is what was meant here.
The intent of this part of the policy is to put the bar fairly high (for obvious reasons). There are 2 methods, and whichever has the highest onus is the method a wiki uses. So using the ArbCom route to bypass the 25-vote minimum because it's a small wiki is not kosher. Likewise, the 25 votes method at enwiki (or other large wikis) is a bad joke. I have no good suggestions of what language to put in the policy, and I'm sure there will be some discussion to follow. – Mike.lifeguard | @en.wb 00:52, 9 March 2008 (UTC)
I think that whether or not the project's ArbCom appoints CUs should depend on two factors:
  1. whether or not the project community desired that the ArbCom should handle appointments in place of community elections when they set up the ArbCom, and
  2. whether or not the Foundation has given that ArbCom approval to appoint CUs.
It may be necessary for existing projects with ArbComs to resolve either or both of these points. --bainer (talk) 10:13, 9 March 2008 (UTC)
In light of discussions on CheckUser-l and here, I have "fixed" it to be clearer that the ArbCom needs to be approved by the Foundation to give out CheckUser before the wiki's ArbCom can do that. (I would hope that the Foundation would not approve without community support.) But this needs to be made clearer still, yes.
James F. (talk) 22:37, 10 March 2008 (UTC)

A Checkuser Question

I wonder if it might help to pop a note here about the question I asked at Talk:Ombudsman_commission...?

Basically, I've been enquiring about some aspects of the privacy policy, and having established that checkusers are free to share username information with whomever they wish, I wondered if other checkusers might be free (from a foundation perspective) to share the information about when a check was run, and maybe by whom?

I'm also happy to talk about why I think this might be a good idea!


Privatemusings 04:26, 19 February 2008 (UTC)


This needs to be updated to reflect the amended version passed in JuneGeo.plrd 19:01, 6 March 2008 (UTC)

Actually, for whatever reason, OTRS is excempt from that, although being 16 or over is preferred. Majorly (talk) 22:33, 6 March 2008 (UTC)

immediate removal of checkuser

The policy currently says that "In case of abusive use of the tool, the Steward or the editor with the CheckUser privilege will immediately have their access removed", yet the rest of the section doesnt indicate how this would occur. Quite the opposite in fact; it does say that a steward cant remove access on their own, and indicates local community consensus is required, which is far from "immediate". How would immediate removal occur? John Vandenberg 11:50, 4 April 2008 (UTC)

I suppose it means that as soon as abuse is discovered, a member of the ArbCom or another checkuser will ask for the bit to be removed. I don't know if checkuser has ever been forcibly removed from anyone, so if it ever did happen, the current wording is certainly confusing. Would it be a good idea for the (other) checkuser to bring up the issue on the checkuser mailing list, and ask for input on the issue? Perhaps with agreement of people there it could be removed. It would be difficult to ask the community, due to the privacy issues concerned. I suppose this also applies to oversight, but the consequences of oversight abuse aren't nearly so bad as those of checkuser. Majorly (talk) 12:48, 4 April 2008 (UTC)
Removal would occur immediately in situations akin to "emergency desysopping" when there is clear abuse happening right now. – Mike.lifeguard | @en.wb 16:23, 22 April 2008 (UTC)

Appointed by ArbCom or elected?

I have been trying to make sense of the Access to CheckUser section (here), but it gets more obscure every time I read it. There was a big change in November 2007 (here), allowing local projects more say in the matter.

  • Then came the change of 10 March 2008 (here), which first is quite emphatic that "[check]users can be appointed by the Arbitrators only" and then goes on to "On a wiki ... where the community prefers independent elections, ..." negating that strict requirement. This does not make sense.
  • It is not made clear what exactly is "an Arbitration Committee (ArbCom) which has been approved by the Foundation to assign CheckUser status...". Is there a list of Arbitration Committees approved by the Foundation for this purpose, or is this automatic (as per this list)?
  • The English Wikipedia has three checkusers appointed by the "Office". This, too, is mystifying as the Access section says nothing about them. Why are they there? Does the "Office" have carte blanche to appoint checkusers in any project they feel like? As many as they like? Etc?

- Brya 12:19, 22 April 2008 (UTC)

Will try to answer this; note that I'm just answering as I understand it, and I could be wrong. In order:
"where the community prefers independent elections"
I always understood this to mean "where the approved Arbitration Committee determines that the community would prefer to elect individuals directly; they remain responsible for making sure that the policy is followed and raising concerns to the Foundation if appropriate".
Approved Arbitration Committees
Is it automatic? No. Is there a list? No. Should there be? Yes. But I can't write this list off the top of my head; I'd recommend asking the Volunteer Co-ordinator. (Sorry, Cary! ;-))
Foundation-mandated individuals
Can the Foundation make changes its software as it wishes? Yes. Does this apply to all parts of its software? Yes. Is there a limit to this? No. (That is, the Office as part of the Foundation can do what it likes.)
Hope this is helpful. We (the CheckUsers) are currently discussing the issue to see if we need to clarify the policy further. Also, we might full-protect the page, given the nature of its content.
James F. (talk) 08:21, 26 April 2008 (UTC)
Basically agreeing with Jdforrester I certainly think this page should be protecting once it reads in the "agreed" way ( of course how long that will take is another matter....:)) --Herby talk thyme 08:40, 26 April 2008 (UTC)

The Foundation can traditionally give additional rights to people it chooses; there is at times WMF appointed sysop access, checkuser access, developer access and so on. These are all outside the scope of simple "editing access". As with many traditional matters on the wikis, it's a balance of having the right, and not excessively using the right. Basically if the WMF feels it would be useful, and appropriate/necessary to give a user a right on a wiki, they can, but they don't do it that way often. I think. FT2 (Talk | email) 12:23, 26 April 2008 (UTC)

Thank you. I do feel that the page should mention that the WMF has unlimited powers to appoint checkusers. This need not be more than a few words, just enough to be clear about it. - Brya 07:18, 27 April 2008 (UTC)

Better process?

As for "appointed or elected", this would probably need more discussion. Clearly a well-agreed communal decision is fine, but as drafted this doesn't yet work for me. What I'd rather see at WMF level would be something that ensures a high quality standard if communal decision-making is decided upon. Quick outline concept in case it's useful:

"On wikis with an ArbCom, Checkuser is normally appointed by that ArbCom following internal deliberations and any process that the Committee may determine. Alternatively, a wiki with an ArbCom may decide to communally appoint its Checkusers. A consultative process is required to agree this:
  • Policy - A policy must be drafted which:
  • Must faithfully reflect WMF privacy and checkuser policies and affirm their primacy.
  • Must cover how checkusers are to be appointed and removed. It should make clear that usually CheckUser should not be granted unless there is an actual need for more CheckUsers. (minimize access to IP data: checkusers don't get appointed "just because they'd be good" or popularity, but only if there's actual need for more.)
  • Must also ensure that significant changes affecting appointment and usage, require reasonable length discussion and clear consensus on the talk page. Typically this would cover nominations/requests, appointment, removal, usage and accountability. (ensures key issues get discussed first not just "added to policy")
  • Additionally it should cover basic checkuser criteria (trust, necessity, technical competence) and may cover other processes or norms or information as needed.
  • Consultation process - The consultation process may include measures to ensure a high quality decision, including a minimum standard for suffrage, a limit on comment length, agreement on the process and structure of consultation, and a decision on who shall ratify it at the close or (if needed) for interim stages. The consultation may be single- or multi-stage, and will often involve discussion and (recommended) a "straw poll" to resolve any issues before a formal vote is taken.
  • Consensus - The community must be consulted on the proposed policy, which must be widely advertized and discussed beforehand on the wiki and noted on 'meta', and a high standard for adoption obtained. A typical suggested standard is 150 - 400 valid votes (depending on the size of the wiki) and somewhere in the range of 70% - 90% support (or equivalent). For smaller wikis, a lower number of votes may be agreed by consensus.
  • ArbCom - The ArbCom should be consulted as needed, and at critical junctures, for a view whether WMF policy is being correctly complied with, and any feedback to the community.
  • Ratification - If WMF policy has been complied with, the decision will be ratified and become the communal decision."

A quick stab at "what a WMF policy section on this might look like". FT2 (Talk | email) 13:06, 26 April 2008 (UTC)

An attempt to phrase this more user friendly:

"On wikis with an ArbCom, a Checkuser is normally appointed by that ArbCom, following a procedure set for or by the ArbCom, as the case may be. Alternatively, a wiki with an ArbCom may choose to appoint (all, or some) Checkusers by a community decision, but only if a policy has been adopted.
  • Requirements:
  1. The policy must faithfully reflect WMF privacy and checkuser policies and affirm their primacy. It should make clear that usually additional CheckUsers should not be appointed unless there is an actual need for more CheckUsers. It should cover basic checkuser criteria (trust, necessity, technical competence) and may cover other processes or norms or information as needed. (Reflect WMF policy. Also minimize access to IP data: checkusers don't get appointed "just because they'd be good" or popularity, but only if there's actual need for more.)
  2. The policy must cover how checkusers are to be appointed and removed.
  3. The policy must ensure reasonable discussion, publicity, and time frames, for proposed changes that will significantly affect nominations/requests, appointment, removal, usage, and accountability. (ensures key issues get discussed first not just "added to policy")
  • Formal adoption of this policy must go through the following steps:
  1. Consultation process - The draft of this policy must be up for discussion by the community. The consultation process may include measures to ensure a high quality decision, including a minimum standard for suffrage, a limit on comment length, agreement on the process and structure of consultation, and a decision on who shall ratify it at the close or (if needed) for interim stages. The consultation may be single- or multi-stage, and will often involve discussion and (recommended) a "straw poll" to resolve any issues before a formal vote is taken.
  2. Consensus - The community must be consulted on the proposed policy, which must be widely advertized and discussed beforehand on the wiki and noted on 'meta', and a high standard for adoption obtained. A typical suggested standard is 100 - 400 valid votes (depending on the size of the wiki) and somewhere in the range of 70% - 90% support (or equivalent). For smaller wikis, a lower number of votes may be agreed by consensus.
  3. ArbCom - The ArbCom should be consulted as needed, and at critical junctures, for a view whether WMF policy is being correctly complied with, and any feedback to the community.
  4. Ratification - If WMF policy has been complied with, the decision will be ratified and become the community decision."

I am not sure if this addresses all the issues. Also, by my standards it looks still too wordy and too inexact (two things which tend to go hand in hand) - Brya 07:53, 27 April 2008 (UTC)

Two minor edits - the full rationale for the first item (better explanation is being discussed), and 70 - 90% (realistically it'll almost always be 75% or 80%, maybe 85, but indicating "somewhere between 70 - 90" lets the community choose fully) FT2 (Talk | email) 02:44, 1 May 2008 (UTC)

Age Restriction

The age restriction is no longer a firm requirement as of 2 June 2007. The policy needs to be changed to reflect the update. Geo.plrd 06:21, 27 April 2008 (UTC)

You seem to misunderstand. It is no firm requirement only for the chosen role, in the current context, OTRS volunteers. Checkuser is still very strictly restricted by that requirement. --Aphaia 07:53, 27 April 2008 (UTC)
Aphaia is correct, see foundation:Access to nonpublic data policy for more information. Cbrown1023 talk 14:29, 27 April 2008 (UTC)
which may include proof that such user is at least 18 and explicitly over the age at which they are capable to act without the consent of their parent in the jurisdiction in which they reside. This is not a firm requirement. Geo.plrd 02:50, 28 April 2008 (UTC)
That's complete nitpicking, even if it is not a firm requirement from that specific policy, it is one in practice. Cbrown1023 talk 21:20, 28 April 2008 (UTC)
Notice, "and", not "or"...... and that "proof of age" may be asked does not imply the age limit will be waived..... FT2 (Talk | email) 02:22, 1 May 2008 (UTC)

CheckUser vs. SUL

It seems to me that SUL-enabled accounts will have their IP addresses visible to checkusers of any wikimedia project.

  1. This should apply at least as soon as they first visit a project, when they have their accounts created automatically. Does this also apply to subsequent visits, even if the users performed login on another project?
  2. IIUC, checkuser logs only last a limited amount of time. However, can checkusers see the IP address that registered the account (either automatically or manually) forever, independent of how long the checkuser logs last?

Balabiot 08:39, 2 June 2008 (UTC)

I don't see why there's any difference between merged and non-merged accounts from a CU standpoint. What's your basis for that?  – Mike.lifeguard | @en.wb 11:39, 2 June 2008 (UTC)
I'm just asking. My point is that while accessing a project for the first time definitely creates an association between you and your IP in the check-user logs, it's not clear to me whether accessing a project subsequently constitutes a login action. Since check-user logs cannot be written (for performance reason) on every page visit, what actions can (for example) checkusers see about me? That I just logged into meta? That I just logged into Neither of these as long as I don't visit Neither of these as long as I don't edit Neither of these, they can only see me if I explicitly log into I hope this clarifies my first question.
Regarding the second, I was wondering if the specific IP address/user account used for registration is special and remains for more time in the checkuser logs (similar to how bureaucrats creating accounts have their actions logged forever). In this case, does the first IP I used to visit a project (thus creating a SUL login there) remain forever? Balabiot 04:37, 3 June 2008 (UTC)
CheckUsers on a wiki can see only data for that wiki - it is not a global permission. The data a CU at enwiki can see is just actions at enwiki. All CU data is treated the same I think, so that would be purged along with other data.  – Mike.lifeguard | @en.wb 11:30, 3 June 2008 (UTC)
Yes, that I know. But which actions? Is visiting a page on with a SUL login considered an action? logging out (even if I logged in from a different wiki)? editing? Balabiot 12:12, 3 June 2008 (UTC)
Checkusers can only see what is recorded in recent changes, so viewing pages is not recorded, but editing pages yes. The "account created automatically" log entry isn't anymore recorded in recent changes, so the IP address of that action is not accessible to checkusers. iAlex 12:25, 3 June 2008 (UTC)
Checkusers can see your IP if you have logged in and not edited... i tried it several times and the usual dipshits nailed the account and the IP even if it didn't edit anything... TIV 22:21, 11 July 2008 (UTC)

Selection method

Crossposted from [1]; discussing this change.

The change was the result of a long discussion on the checkuser-L mailing list. The problem, essentially, is that there is no single system, and seems to be no easy way to describe any of the current systems. During the discussion, no one from the Foundation weighed in. For example, enwiki has an Arbcom, which appoints checkusers. dewiki has an arbcom, but checkusers are elected. eswiki (if I recall correctly) has one CU elected by the community before the creation of their arbcom and one CU appointed by the arbcom, with no clear decision (and some controversy) about whether future CUs will be elected or appointed. There was also concern on the list about the recent attempts to establish an arbcom in order to appoint some people as CUs who had failed to be elected (I think it was en wikiquote but I would have to look it up to make sure). I think the requirement of having a minimum number of votes and 75-80% consensus is a good idea, especially if it has been established as a precedence. But that language was being used by some people on enwiki to justify creating an election mechanism that would be independent of Arbcom. So that's the problem. Perhaps the confusion could be addressed by saying, "If a wiki currently has a mechanism to appoint or elect checkusers, future checkusers must be selected using the same mechanism. If a wiki does not have checkusers, the 30 vote/80% consensus rule applies. I confess I have not given this much though recently but does that seem reasonable? Thatcher 17:22, 10 July 2008 (UTC)

Sorry, private list (checkuser-l) is not the place for talking about policy changing. So, please, start to talk here. --Millosh 18:58, 10 July 2008 (UTC)
Actually, there is considerable discussion above that was never implemented, and in March JamesF made changes based on checkuser-L without objection. Perhaps you should revert to Bastique's version. Thatcher 19:57, 10 July 2008 (UTC)
As I said at CU list, this is not your mistake (at least, not 100%). Practice of talking at private lists and changing policies should be changed. Policies are public and it should be publicly discussed about them. At the other side: Yes, of course, CUs are the most introduced contributors into the CU issues, so their word should have a significant weight. --Millosh 20:12, 10 July 2008 (UTC)
The only problem with this policy change is that it affected small wikis and that it is now possible that someone becomes CU with 7:1 score. If you change that, I don't have any objections to your changes. (However, others should say what do they think, too.) --Millosh 20:12, 10 July 2008 (UTC)

Why shouldn't a normal user see if their account has been checked? TIV 22:18, 11 July 2008 (UTC)

There is some control measures already installed. For example, on fr wiki, a request page lists all the checks details (request, cu decision to make or not the verification, check result). Then, any checkuser have access to others checkusers log. Finally, there is an ombudsman commission to deal with complaints. --Dereckson 04:15, 14 July 2008 (UTC)


Does the required support of 25 people mean that a community could block an appointment to checkuser that the arbcom wishes to make by calling a community vote and failing to come up with this number of support votes? Can a community call for the removal of someone who already has access without going through the arbcom? (the logical answer IMO would be that if the community fails to support the arbcom that means the community does not have confidence in the arbcom to select checkusers, and it reverts to the no-arbcom scenario) —Random832 19:51, 29 August 2008 (UTC)

I think there's two answers to this:
On most projects with Foundation-approved arbcoms, the correct course of action would be to petition the arbcom to overturn its decision regarding the potential checkuser, though other solutions may include holding a vote of no-confidence in the current arbcom, or at the extreme, hold a vote to abolish the current arbcom and nullify its current actions.
On the English Wikipedia, there is ongoing controversy regarding the relationship between its arbcom and the community: The best solution would be to petition arbcom there to reverse its decision and request that they state whether the current members of arbcom there believe that it can be overruled by the community regarding these sorts of situations.
There is no current policy allowing stewards to overrule a local arbcom regarding checkuser access except in cases of the user failing to provide sufficient identity to the Foundation, nor is any branch of Meta willing to take on such a task as to provide oversight of local consensus: Projects are requested and required to determine that themselves.
While the Board of Trustees has the authority to perform such actions as revoking permissions, it is highly unlikely that they will do so, and unless there is an extreme and urgent need for Board intervention, requesting such intervention is highly discouraged.
I hope this helps to resolve your situation. Kylu 20:23, 29 August 2008 (UTC)
It was a purely theoretical question - though, who exactly judges the vote when there is no local arbcom? —Random832 06:30, 30 August 2008 (UTC)
The local community judges the vote. The stewards only intervene when it's clear that the requirements haven't been met or someone brings up suspicion of vote stacking/sockpuppetry to them. If the outcome isn't absolutely clear, stewards will not act. Kylu 18:00, 30 August 2008 (UTC)


This policy contains a serious contradiction regarding the appointment of CheckUsers. It states (emphasis added):

Yet immediately follows with (emphasis added):

Which is it? Can CheckUsers only be appointed by qualifying ArbComs (where applicable) or can CheckUsers be appointed by election when the community prefers indepedent elections? Vassyana 11:45, 25 November 2008 (UTC)

Let's face it. This policy is completely and utterly stupid. It is ignored by English Wikipedia, whose CheckUsers can do whatever the hell they want, without facing any consequences for misuse - same for Oversight.
I tried, earlier this year, to implement a Requests for checkusership process on English Wikipedia - it failed spectacularly, when ArbCom found out about it (and a Bureaucrat/Arbitrator closed my own nomination, in a massive COI). See the page for the details, and the talk page (especially the first archive), where it was shot down by Arbitrators, unsurprisingly, who hated the idea of the community taking their so-called right away from them. Majorly talk 12:45, 25 November 2008 (UTC)
:-( FloNight 19:54, 25 November 2008 (UTC)
I also find it strange and I wonder why this was put down like this in the first place. We have decided on plwiki that ArbCom has nothing to do with the CheckUser powers at all. Actually (except for the one short exception, but even then no CU checks were made by the CheckUser elected while sitting in ArbCom) we maintain separation between ArbCom and CheckUsers. Personally (not the community opinion) I find this separation of powers very good - ArbCom should ask for CheckUser data just like any other user, even via public request page (as mandated by few wikis). Nlwiki goes even further - checkusers are not even sysops. Separating ArbCom from CheckUsers adds additional checks and balances, since it limits the need to "dig for evidence" or explain the issue deeper than just a straight sockpuppet check.  « Saper // @talk »  20:35, 6 March 2011 (UTC)

Combining CheckUser and Oversight flags

CheckUser and Oversight rights both involve handling private personal data, though OS is usually used to hide something for the future, and CU is used to unhide something from the past... What do people think about combining these rights into a single flag? I'm not sure what one would call it; oversight of [hidden revisions and hidden IP addresses]? -- sj | help translate |+ 21:09, 5 April 2009 (UTC)

I'm in favour of the idea. No clear name springs to mind though. Any cons to this? ++Lar: t/c 15:33, 12 April 2009 (UTC)
"privateers"? :P Cbrown1023 talk 22:15, 12 April 2009 (UTC)
Agreed that this is a good idea. Cirt (talk) 22:23, 2 October 2009 (UTC)
While I see benefit in automatically granting (full or partial) oversight flags to a checkuser, I am less persuaded that granting checkuser flags to an oversighter should be automatic. The skill set for oversight mainly focuses on solid understanding of the privacy policy and demonstrated decision-making and communication skills; checkusers also require additional technical skills and knowledge that simply aren't necessary for one to be a good oversighter. As well, on enwiki there is a significant demand around the clock for oversighters, whose job is more time-sensitive; thus, we have extended this permission to a larger group than we have the checkuser permission. There are multiple overlaps, of course. Risker 20:42, 9 December 2009 (UTC)

Maybe this is a stupid question, but.....

At what wikis do these CheckUser policies actually apply? I ask because I know Conservapedia does not abide by these rules and I was wondering if anything can be done. It is common on Conservapedia for users to be blocked before they even make an edit because the checkusers run a check on every new account. Can anything be done about this or does Conservapedia not fall under these rules? Thanks. Keegscee 03:57, 9 December 2009 (UTC)

This policy only applies to wikis listed on Special:SiteMatrix. Conservapedia is not owned or controlled by the Wikimedia Foundation and as such, the WMF cannot do anything regarding their usage of Checkuser. MBisanz talk 04:01, 9 December 2009 (UTC)

Additions to our privacy policy subsection on the meta Checkuser page

Per my discussions with Risker here, I wished to add the following line to our privacy policy subsection on the Checkuser page.

  • Checkusers can, in the interests of the project and for the purposes of protecting Wikipedia against actual and potential disruption and abuse, maintain a personal record or backup of checkuser findings.

This will allow users to know that apart from the three-month standard maintenance on our logs, ip and usage information could be stored by Checkusers otherwise too for protecting our project's interests. Thanks♪ ♫ Wifione ♫ ♪ 06:43, 30 October 2010 (UTC)

Not all WMF projects are Wikipedias. --Pi zero 13:50, 30 October 2010 (UTC)
Sure. Maintaining a personal record or backup of checkuser finding is obviously useful and necessary in various situations, since some logs may be expired from the system before the investigation is completed or sockpuppets of banned users appear in the distant future. Ruy Pugliesi 14:54, 30 October 2010 (UTC)
Should be made clear. Fred Bauder 18:24, 30 October 2010 (UTC)
I think this might be better off as a silent policy. Making this explicit will likely lead to the assumption that all Checkusers not only may, but do, maintain such information; there's a lot of fuzzy-edged privacy stuff in there that would get even more confusing if official policy permitted (read: encouraged) Checkusers to maintain private data. --Jpgordon 19:38, 30 October 2010 (UTC)
At least the original wording at Wikipedia is not being proposed, but this states what CheckUsers already know. The checkuser-l mailing list archives go back to the beginning of 2006 and people's email clients routinely archive messages received. Whether explicitly defined in policy or not and despite a three month expiration window on data, records on people and IPs that have gained attention go back years. Adrignola 20:40, 30 October 2010 (UTC)
The original wording is strange, as it includes admins and editors as well. People can obtain IPs from a raft of sources, including IRC, and IP edits being signed by a logged in user. We can't force people to forget this information; all we can do is ensure that it is not acceptable to repost this information publicly on our projects.
I don't mind if the checkuser policy informs people that checkusers may retain records for longer than the three month period, but I agree with Jpgordon that this is hairy area. I don't like the proposed wording, as it starts to lock down when we are allowed to keep records. Who is going to judge 'potential disruption'? In short, checkusers are appointed to make good judgements, there is a WMF ombudsmen to review misuse and dubious cases, and there is an audit subcommittee on English Wikipedia. John Vandenberg 00:27, 31 October 2010 (UTC)
I am in agreement with John and Josh here. It is already common knowledge that the mailing lists are archived, if individual checkusers wish to keep copies of their records, there is nothing the foundation can do to prevent that outside of subpoenaing their computers. Many other checkusers do not keep records. What we do know is that currently the log-in records on projetcs are set to be scraped after three months. That is a reasonable thing to have in the policy—forcing CUs to keep or not keep records is not. Our CUs are supposed to the editors with the highest degree of "clue" in the projects; we trust them or we don't. -- Avi 00:52, 31 October 2010 (UTC)
I agree with Avraham and John. Ruy Pugliesi 13:54, 31 October 2010 (UTC)
I do not consider the proposed privacy policy necessary. I see nothing wrong for those who keep a personal record or backup of checkuser findings, as long as they do not leak sensitive information improperly. As I do not this kind of record or backup in my computer, I abstain from supporting or opposing the proposal here.Jusjih 22:12, 31 October 2010 (UTC)
I do not see any value in the additional statement, especially as the general communication means between checkusers is such a record, and would be self-evident a record, whether it is used for forensic analysis or otherwise. A variation to John's statement that may be useful is the clean statement "historical records of use and abuse exist and may be used for the purposes of protecting Wikimedia sites against actual and potential disruption and abuse." billinghurst sDrewth 11:12, 1 November 2010 (UTC)
As a CheckUser with almost 2 years of experience on plwiki I personally don't like keeping logs beyond the usual span of the CheckUser data. We don't have a whole lot of long-term persistent sockpuppeting as other wikis do, so this was not necessary for me and I am a pretty active CU. The point is why I don't like this is that limited availability of the CU information is there for a reason, and this reason is still valid. CheckUsers may use information available in the CheckUser log as a hint on previous, even very old checks - sometimes it provides the needed information (i.e. old IP addresses vs. username). I don't like doing this either. Checkuser-l archives are another method of evading limited data retention period. Some persistent sockpuppeteers come often enough to compare their data with their recent sockpuppet, not with the original account (usually blocked long ago for a long time). And, if somebody is blocked for, say 2 years, and comes back silently after a year and makes no visible harm except for being a sockpuppet of the old blocked account - so be it. That's actually a problem with computers - people do forget old stuff and relations have a chance to improve over time, computers usually don't. I agree that this is an issue for some wikis (especially enwiki) but this should be addressed in the original data retention policy. Maybe the data retention period should be longer on enwiki? I am pretty comfortable with a fact that after 2 or 3 years sockpupeteering goes forgotten. It's bad editing that we should go after, and not sockpuppets. Blocking socks is just an additional method to keep block enforceable. But of course this is a problem for users blocked forever, and we have very few of them on plwiki.  « Saper // @talk »  20:16, 6 March 2011 (UTC)

Random user checks

Due to massive sockpuppeting in the hebrew wikipedia, it was suggested by a user that the community should allow the local checkusers to do random IP checks for users, even if no evidence for sockpuppeting is present, in order to prevent future sockpuppeting. Is such a suggestion consistent with the global checkuser policy? לירן 11:41, 5 March 2011 (UTC)

Hi לירן, according to the policy "there must be a valid reason to check a user". This means that every check should be individually motivated and justified by some observed behaviour of that user, and that imho is not compatible with doing random checks. Regards, --Sir48 12:20, 5 March 2011 (UTC)
The policy states: "There must be a valid reason to check a user." So, in my opinion, random checks is not allowed as it violates the policy. Usually, CU is not used for fishing. Pmlineditor (t · c · l) 12:59, 5 March 2011 (UTC)
Random user checks are not permitted, abuse could result in action, certainly I'd consider removing checkuser from someone who was using it so abusively after being asked to stop, and then refer to case to the locals or ombudsman if privacy policy violations had also occurred. Also, do keep in mind it would violate Fishing CheckUser is not for fishing. As Sir48 has said, each use of checkuser must be able to be justified on its own merits. If hewiki needs help in how to do checks on known socker's and their ranges that's one thing, and we'd all be willing to help (there are tips and tricks that can be used instead), but random checks without a good justification would be bad. Remember that CUs should be done to back up other evidence, not to look for prima facie evidence on its own. fr33kman 13:30, 5 March 2011 (UTC)
it is done in meta. for whatever reason meta finds it valid to check users who voted, such should be the case in the hebrew wikipedia: random checks of users who used the voting privilages. 18:19, 5 March 2011 (UTC)
Could you please clarify? Not all of us can read Hebrew, so we can't really understand the link to pointed to. Regards, Pmlineditor (t · c · l) 18:26, 5 March 2011 (UTC)
I think he meant to refer to this link: [2]/ אני ואתה 15:42, 6 March 2011 (UTC)
indeed. my mistake. my point is that making sure no puppets are used in out official voted is a "valid reason to check a user" -- just like it is done here. do you not agree? 20:46, 6 March 2011 (UTC)

Added schools and businesses ...

as acceptable circumstances of cases where release of information may be allowed. Schools and businesses can validly be seen as ISPs for their users and are usually responsible in some fashion for the use of their networks. Revert or discuss if disageee. :) fr33kman 14:17, 5 March 2011 (UTC)

As this pertains to any owner of the network address block (and this can be virtually any entity), I have copied over the actual wording from the 2008 privacy policy, which IMHO addresses this problem better, listing ISPs only as example.  « Saper // @talk »  20:24, 6 March 2011 (UTC)
Makes better sense!Cheers :) fr33kman 20:47, 6 March 2011 (UTC)

Removal for inactivity 2

Any user account with CheckUser status that is inactive for more than a year will have their CheckUser access removed.

I find this statement very incomplete. When a user account is considered inactive? No checks in a year? No activity in a year? No checks and no activity in a year? etc.

I already requested clarification from the Board, however one of its members have told me that this policy is not governed by them so I'm putting this here for consideration.

Personally I've always interpreted that paragraph in this way: no edits and no checks (both) in a full year.

Comments welcome as well other proposals.

Regards, -- Dferg ☎ talk 14:31, 6 March 2011 (UTC)

On plwiki we interpret this as no checks only. I have requested one just a moment ago, as this was with the previous request, although the user had some edits during the preceding year (contributions). The older case the user was inactive as CU for 1 year and 3 months and didn't edit for the last 3 months. All of those users are still with us again (after some periods of inactivity perhaps). Our community somehow got used to a very quick response from checkusers (it's usually almost immediate), and it seems like there is quite a bit of disconcern when one request recently need to wait for a week. We are thinking about electing one or two more CheckUsers but growing number of CheckUsers beyond 7-8 for the wiki of this size might seem an overkill. This is a very special area of work and it's very different from editing or even typical sysop tasks. Losing interest in this kind of work doesn't have to impact other activities - in fact, some inactive CheckUsers seem to be quite busy editors. For now, I think no checks only policy is enough for us, but I would like to hear about more experience in other wikis, especially larger or smaller than us. Speaking for myself only, during extremely real-life busy times (like organizing last year's Wikimania) I reduced my Wiki activity almost exclusively to CheckUsers tasks, but others mileage may vary.  « Saper // @talk »  19:45, 6 March 2011 (UTC)
I've always read it as "inactive as a checkuser", but found the policy to be incomplete. The last time I found a user that was inactive as a checkuser, I asked him to resign himself, so that we didn't need to clarify it because of his case... Laaknor 19:51, 6 March 2011 (UTC)
I too have interpreted this as inactive with their functionary (CheckUser or oversight) permissions. Certainly on enwiki the Arbitration Committee has occasionally removed active editors who were inactive with their functionary rights. PeterSymonds 20:07, 6 March 2011 (UTC)
Having said above, however, enforcing this policy among users makes them upset, which is not a good thing.  « Saper // @talk »  23:20, 6 March 2011 (UTC)
There are certain expectations for activity at en.wikibooks, where one year of inactivity will result in desysopping. While this thread discusses CheckUsers, at en.wikibooks they are tied to each other. Local policies require CheckUsers to be administrators first. Part of the definition of inactivity as it applies to administrators is the use of administrative tools. I quote: "Administrators who are not using privileges, those privileges provided by the community due to the user's knowledge and activity, do not need to continue having them. Administrators do not have a 'lifetime membership' and are expected to continually use their tools for the good of the community." As a local bureaucrat, I then interpret that to extend to CheckUsers in the same manner; namely, if they are not using the tools for a year, they face removal of the tools just as an admin would. – Adrignola talk 23:22, 6 March 2011 (UTC)
My question is what are is trying to be achieved with a clarification of the rule? Are you wanting a hard and fast rule to make it easier to enforce, or because you think that people are not pulling their weight, or that there are people disappearing and we have a security hole because of it? Let us set the context and that allows a simple rule, that enables governance with good guidelines and principles. At this point in time I like the rule as it is, and feel that there needs to be the flexibility of the enforcement, and stewards and/or communities can act as the overarching governance.
Issues that I see are
  • Difference in activities between sites. A larger site may remove for inactivity as a checkuser for non-use of the tool, though smaller sites may not have the necessity, and we surely do not want to be encouraging activity in CheckUser tool solely to remain compliant to a use-based rule.
  • Requirement for a minimum of two checkusers. If sites have the minimum of two, and remove one then you have removed that wikis capacity. So if you are going to enforce such a rule the implications where one may do checkuse, and the other does audit, then we have issues.
  • Existing definitions of inactivity and confirmations. Some sites (like enWS which I represent) have confirmation discussions (at enWS that is annually). I would see that such a community conversation should be sufficient to continue the endorsement of retention of a tool whether the tool is being used or not, especially if they already have a consideration for what is inactive (enWS inactive)
Possible solution. Request communities to explicitly set their definition of inactivity, and where they do not set their definition then a model WMF definition applies. If a community set definition seems that seems excessive, then let us have that discussion. So in practice this could be (made-up examples only) inactivity equals
  • WMF default (for stewards to apply) is no use of admin tools (easy to check)
  • enWP community decision is no use of checkuser tools
  • enWS community decision is based upon passing administrator confirmation where there is already a definition of activity.
So this gives a governing and achievable framework for stewards, and allows communities where there is the activity and the support to define their (in)activity criteria. To what a WMF model would be, let the stewards decide and tell the community, and let us not have a bunfight to determine. If a particular community doesn't like it, they have the opportunity to set theirs and not rely on the default. billinghurst sDrewth 01:24, 7 March 2011 (UTC)

Why isn't this up to the projects that have checkusers? I know EnWiki ArbCom is actively discussing this now. -- Avi 02:15, 7 March 2011 (UTC)

indeed, big enough to have CUs, big enough to have a policy :) fr33kman 02:47, 7 March 2011 (UTC)
Persian Wikipedia doesn't have a policy specifically for Checkusers, but the existing policy (which was created to deal with inactive sysops) considers one year of "no edits" as the requirement for removal of access. Huji 04:51, 7 March 2011 (UTC)
Since inactive CU usually ask on meta to remove a flag on their own, we never had a so long time of inactivity, --DR 07:10, 7 March 2011 (UTC)

To clarify, stewards are supposed to implement community consensus on projects too small to have local "functionaries" as it were; subject to wikimedia foundation guidelines (foundation trumps local wiki, obviously). If the wikimedia foundation or global community has agreed to certain preconditions to various bits (minimum of 2 per project, must be identified and over 18, etc.) we must enforce that. Other than that, as freekman put it, if a community is large enough to have these kinds of editors, it is large enough to control the access (subject to adherence to foundation requirements, which is a precondition to each and every project's existence). -- Avi 11:51, 7 March 2011 (UTC)

I have a very simple view on this and related issues. If you are not active why the hell do you need these (or other tools). They are not badges of office, they are tools to be used. If you are not using them to help the community you do not need them. --Herby talk thyme 17:08, 8 March 2011 (UTC)

It should not be forgotten that "orphaned accounts" also pose a risk to the projects. A lot has been written about this issue - some examples are:
--Sir48 23:21, 8 March 2011 (UTC)

Section on privacy policy

The italized sentences about release of information in the section on Privacy policy differs somewhat from the stipulations in the Privacy police approved by the board in October 2008. Although the section links there, the wording is probably left over from some earlier version and ought to be updated and identical. Rgds --Sir48 17:28, 6 March 2011 (UTC)

I have boldly copied point 5 about the information release to ISPs from the current WMF policy, see also above. This is because it is just a better wording, since we are releasing information to the owners of allocated IP address blocks, irrelevant who they are (ISPs, education, government, private persons, whatever). What's left is an interesting issue of point 3. The current version of CheckUser policy says:

data (...) may be released by the system administrators or users with CheckUser access (...) 3. To the chair of Wikimedia Foundation, his legal counsel, or his designee, when necessary for investigation of abuse complaints;

, while the newer WMF Privacy Policy says

data (...) may be released by Wikimedia volunteers or staff (..) 3. When necessary for investigation of abuse complaints,

It looks like the board has decided that privacy policy should be about relations of the Foundation (as the data owner) vs. the external world, and checkusers (or people with OTRS access etc.) are treated as Foundation agents of some kind (with regards to this policy of course). This makes and Foundation employee equally empowered to access or request data from the checkusers. I am not going to discuss this issue whether it's good or not. But CheckUser policy, as it affects primarily Wikimedia volunteers, might be more specific in clarifying relations between Foundation and the CheckUsers. I think it is okay to limit number of people who can talk to CheckUsers and that CUs should know exactly who might talk to them in the name of the Foundation. This limits the possibility of some social engineering or plain abuse. I think that this will be very limited, as the Foundation might actually obtain all data internally, but I imagine that Foundation employees might need to work together with local checkusers in cases of dealing with some abuse complaints or court cases outside of the United States, where knowledge of the local community/policies/languages/law might be necessary and even hiring local lawyers by the Foundation might not always fully resolve the issue. My current suggestion would be to copy the WMF policy verbatim (as this is supposed to be an actual quote), but we might consider adding additional provision to clearly appoint people that might contact volunteers with requests. This can be Foundation CEO or legal counsel, designated DMCA agents, but for example, it should be none of the Trustees or Foundation contractors.  « Saper // @talk »  20:56, 6 March 2011 (UTC)

I find that point 3 should also be copied. It covers other potential situations than interaction between Foundation staff and CUs. If additions regarding CU are needed, they should be described - and discussed - separately from the citation. Rgds --Sir48 22:45, 6 March 2011 (UTC)

Yes check.svg Done, copied verbatim the whole paragraph again.  « Saper // talk »  20:55, 12 March 2011 (UTC)

Unblock id

kindly view the history of Omer123hussain, for my every edit i took responciblity and discussed it by my own id, i never used any false id's to support my edits to work on WP. I understand, when i discussed with my friends about my work on WP, may be any of them might have created account and try to support my work/ or may be someone delibrately created the account to prove it my false id and stop me from working. but its not true that i used other (false) accounts to support my edit. for my every edit since begning i used my own id, though i am only one month new on WP, i did my best to follow WP standards, what ever i was adviced by the administrators and senior regular editors i followed those WP policies. though i agree may be some time i did mistakes un-intentionaly, but i never used any false id to support my work. Kindly unblock my id. Kindly advice? -- 04:16, 15 May 2011 (UTC)

Page could do with some archiving

It may be worthwhile having a level of (slow) automated archiving. It would seem that 2008 conversations would be well to be but to bed. (my opinion only) billinghurst sDrewth 01:32, 7 March 2011 (UTC)

Well, I actually read almost thewhole page today, since the issue of "user inactivity", adjusting policy to 2008 privacy policy changes as well as issues pertaining checkuser appointment on English Wikipedia are still relevant....  « Saper // @talk »  03:11, 7 March 2011 (UTC)
I've cleaned up the heading code (subpage created) and ordered MiszaBot to archive threads older than 60 days in the the new /Archive 4 subpage. Max. size of the archives: 100K. Thanks. —Marco Aurelio (Nihil Prius Fide) 12:19, 29 December 2011 (UTC)

Request for Checkuser at Wikiquote

There is an ongoing Request for Checkuser permissions, at Wikiquote. Those interested in the processes at the Wikiquote project, please see q:Wikiquote:Request for Checkuser and Bureaucrat/BD2412. Thank you for your time, -- Cirt (talk) 17:06, 27 May 2011 (UTC)

Moved to 2 pages, now at q:Wikiquote:Requests for checkuser/BD2412 and q:Wikiquote:Request for bureaucrat/BD2412. -- Cirt (talk) 18:21, 27 May 2011 (UTC)

Stewards and local checkusers

A local checkuser check my IP wrongly. I sent e-mail to all local checkusers. But they have not been receiving an answer for three weeks. Two of them is inactive. Stewards cannot check on projects with local checkusers. Ombudsman Communission only deals with privacy policy violations. So, how can a user prove his or her innocence? I think stewards should recheck a finished checkuser request. And they should check by user's own request. Duke ϡ»» message ^^ 22:59, 28 December 2011 (UTC)

The only way that would happen is if the local CheckUsers specifically requested stewards to perform the check. In the absence of this, stewards cannot intervene. Generally, the CheckUser tool isn't used to prove one's innocence anyway, because you can't really prove anything with technical evidence. It is only what it is. PeterSymonds (talk) 23:01, 28 December 2011 (UTC)
I know. Really thank you. But it does not help. I think the policy should reconsider. If someone (not me) was deliberately blamed, nobody can do anything. Because policy is deficient. Duke ϡ»» message ^^ 23:15, 28 December 2011 (UTC)
We have your comment about a situation, and no knowledge of the incident that you say has occurred, nor the wiki to even know what checkuser approach is in play (such we have to respond generically). Are you saying that the CU was using it outside of the reason "The tool is to be used to fight vandalism …", or are you saying that the CU used it "to get control over you and your edits", or are you saying that they did a check and have misinterpreted the results"? I presume that you are not saying that they are breaching privacy provisions. To note that it is December and that is typically a quieter period for wiki activity, and one where there are many calls on people's time. billinghurst sDrewth 10:17, 29 December 2011 (UTC)
For general info see here and regarding the inactivity pointed by Koc61, here. Thanks. —Marco Aurelio (Nihil Prius Fide) 11:53, 29 December 2011 (UTC)

Why can't stewards be allowed to do local checks on wikis with local CheckUsers or be local CheckUsers themselves?

I don't see a valid reason for either of these, especially the latter. A steward knowing that a user on a busy wiki like Commons is a long-term vandal that needs to be stopped immediately should not have to wait as long as many hours for local CheckUsers to check. Nor should a steward have to wait if the community has consensus for him/her to be a local CheckUser.--Jasper Deng (talk) 22:07, 4 May 2012 (UTC)

Of course stewards can be local checkusers, and many of them are. And stewards are permitted to do local checks by policy if it's an emergency or a crosswiki case. Jafeluv (talk) 23:00, 4 May 2012 (UTC)
It's for local and urgent cases (that are not necessarily emergencies). The following quote is what I'm talking about when I said stewards can't be local CheckUsers:

The community must approve local, non-steward, CheckUsers per consensus. The user requesting CheckUser status must request it within his local community and advertise this request properly (village pump, mailing list when available, ...). The editor must be familiar with the privacy policy. After gaining consensus (at least 70%-80% in pro/con voting or the highest number of votes in multiple choice elections) in his local community, and with at least 25-30 editors' approval, the user should list himself under Steward requests/Permissions with a link to the page with the community's decision.

If an insufficient number of voters vote for at least two CheckUsers on a wiki, there will be no CheckUser on that wiki. Editors will have to ask a Steward to check if UserX is a sockpuppet of UserY. To do so, simply add your request to Steward requests/Checkuser listing these users and explaining why you ask for such a check (with links). You also need a community consensus (like above). The Steward will answer you if these two users are from the same IP, same proxy, same network, same country, or are they completely unrelated (see discussion for what the Steward should more precisely say to the editor).

The boldened part probably means that stewards don't count for those purposes, but I take it to mean that stewards can't be local CheckUsers.--Jasper Deng (talk) 00:46, 5 May 2012 (UTC)
That part means the community should appoint local checkusers that are not acting as a part of their steward duty. Users who are stewards can still be local checkusers. Normally when a steward makes themselves CU, they are performing their steward duty. Bencmq (talk) 01:35, 5 May 2012 (UTC)
Let's clarify that then.--Jasper Deng (talk) 01:38, 5 May 2012 (UTC)

Causes problems on

On, we're trying to make some local CheckUsers. However, because this wiki is spammed frequently, we do not often have enough !voters to rapidly approve stewards, and the person who wants it only needs it for development purposes, this is frustrating to us.--Jasper Deng (talk) 19:46, 5 May 2012 (UTC)

Hi. This policy does not require stewards to be approved there. Stewards can go and check without being voted because we always use the temporary access and once we are done we remove ourselves the permission. However if we or any user wants the flag to be permanent they need to pass an RfCU. —Marco Aurelio (audiencia) 15:20, 6 May 2012 (UTC)

Idea for new Extension

I think Wikipedia needs a new Extension, similar to Extension:CheckUser, but allow more people, like admins, to quickly check if they suspect two users are the same person. This would be a first step prior to kicking off a full investigation, and might help find more sock puppets.

The extension would compare the last "N" number of IP addresses of TWO named users, then report whether any IP addresses match. The extension would NOT accept an IP address NOR report any IP addresses in its output. The extension would optionally log (so you can determine if people are abusing it): person performing the search, date/time stamp of the search, two named users, output of search. The default "N" number and IP mask should be determined by someone at implementation time and allow override by a PHP variable.

Input Screen Fields
  • Name of 1st User
  • Name of 2nd User
Output Examples
  • 5 of 10 IP addresses match between user "FIRST" and "SECOND".
  • 10 of 10 IP addresses match between user "FIRST" and "SECOND" with IP mask of

Sbmeirow (talk) 10:10, 26 May 2012 (UTC)

A match of an IP address does not mean that users are the same. Conversely the different IP addresses do not mean that the users are different. Ruslik (talk) 14:30, 26 May 2012 (UTC)
Plus, proxies could be used. It would not be very useful in my opinion.--Jasper Deng (talk) 19:20, 26 May 2012 (UTC)

Inactivity beyond one year

The following discussion is closed: Please see Talk:Oversight policy#Inactivity beyond one year instead.

If the account owner denotes that they will be inactive for a longer (but finite and predetermined) period of time they should be exempt from a demotion provided the wiki has two or more other CheckUsers. This is particularly a problem for people whom needs to be away form the site for a variety of reasons including draft, illness and other such real-world reasons. Users access can be removed until return date where they would need to verify their identity. -- とある白い猫 chi? 19:50, 1 June 2012 (UTC)

That is clearly not allowed under the policy. Nothing stops them from reapplying on their return. As for the "should", no they should not. There's plenty of valid reasons to be away from the site, and nobody would dispute that; but that makes them inactive. Inactive users should not have access to advanced and sensitive userrights. It should be removed as provided by policy, and they're free to reapply at any time. I'm sure if they were entrusted with it two years before, they would be entrusted with it two years later. Snowolf How can I help? 19:55, 1 June 2012 (UTC)

Reactivation of checkuser in a wiki

If Checkuser is deactivated in a wiki and has been done in metha wiki, can it be reactivated again without a new consensus? --Sicaspi (talk) 01:49, 28 August 2012 (UTC)

Depends. The question is why they were removed. Also note that there must be at least two checkusers on a local project. If one was removed because the other stepped down, then we can just give back the right when there is a second one. But as said, it always depends. -Barras talk 07:58, 28 August 2012 (UTC)

"Founder" CU(s)

JW is listed under the subsubsubheading "Founder" for the English Wikipedia. That terse title leaves ambiguous whether the implication is "Ex-officio as 'founder'", or "Appointed by self". The rights log comment for the most recent CU grant to self implies the latter, especially as it states that it's for a particular, temporary purpose. That this happened five years ago, and hasn't been reset since, might be read as leaning more towards the former. 04:36, 11 February 2013 (UTC)

Take it to enWP. No point stirring here. — billinghurst sDrewth 04:47, 11 February 2013 (UTC)
I use CU on a regular basis and I'm likely to need to use it across all projects from time to time.--Jimbo Wales (talk) 14:07, 11 February 2013 (UTC)
The consensus about the founder's flag, as far as I remember, was that it retains all passive rights of a steward (that is reading, checking, looking beyond oversight, etc.), while not the active ones. Checkuser is clearly a passive tool of this sort, and stewards use it the same way (whenever needed, grant themselves the CU rights, use them, and remove them), they do not hold CU on many projects as regular checkusers do. So I don't see what's the issue here (unless the whole comment is aimed at stripping the founder flag from passive insight as well). Pundit (talk) 14:29, 11 February 2013 (UTC)

Claims of CheckUser abuse

The following discussion is closed. Please do not modify it. Subsequent comments should be made in a new section.

Is it possible to get an independent investigation about use of CU? Serious claims about CU used as a tool to get rid of one of the former leaders of Wikimedia Norge (Norwegian chapter of Wikimedia) is circulating at discussions board at Wikipedia in Norwegian (bokmål) [3]. Both the former leader, in a private mail, and a former VP for Wikimedia Norge at the discussion board, have made clear statements about claims of abuse. According to one of the users with CU access, three of the holders of CU access at Wikipedia in Norwegian (bokmål) was agree about the CU. It is claimed to have been according to CU policies at the Norwegian wiki, but it may be violating the general Check User policy as stated here, and the privacy policies and the Privacy Policies presentet at Wikimedia Foundation (

While difficult to prove, it appears the current VP at Wikimedia Norge is involved in the CU request somehow. The current VP have a long record conflict with the former leader at wikipedia Norge. The conclusion of the CU was, she had two accounts. It was though no proofs of illegal use of those accounts, like voting double or supporting own claims. Regardless the outcome of a discussion whether she have broken any policies, it appears the CU was made on a way to thin basis according to the policy.

I doubt it will be possible to get a consensus at the Norwegian wiki for investigating. Way to many of the most active users are involved in Wikimedia Norge's current activities. If this is the wrong place for asking for an investigation, please let me know. Grrahnbahr (talk) 17:01, 2 March 2014 (UTC)

The Ombudsman Commission deals with CU/OS misuse complaints, I'd recommend privately contacting them. Ajraddatz (Talk) 17:08, 2 March 2014 (UTC)
We will investigate. On behalf of the Ombudsman Commission,
--Stryn (talk) 17:12, 2 March 2014 (UTC)
Thank you. If more information is needed, please send me a private message, and I'll share what I have. Grrahnbahr (talk) 17:58, 2 March 2014 (UTC)
Dear Grrahnbahr,
We have investigated and have answered the original complainer. We can add that we did not find any violation of the WMF rules and policies.
For the Ombudsmen Commission,
Huji (talk) 02:51, 7 March 2014 (UTC)
I can't say I'm not surprised. Thank you anyway for investigated the case. Grrahnbahr (talk) 01:58, 11 March 2014 (UTC)
To my knowledge none is contacted about this and the OTRS request (Ticket#2014021710019366) is still unanswered. — Jeblad 09:02, 11 March 2014 (UTC)
May I ask who the original complainer should be? As far as I can see, I am the only one who fits a description of an original complainer in a strict interpretation of the expression, while User:Jeblad, who first brought up the case at Tinget, could may be considered as well if using a broader interpretation (the first one afaik to bring it up at a serious level at Tinget). Since the involved users critical to the use of CU, is not been asked for their opinion in the case, and it is not asked for more information regarding details, I do questioning in a friendly manner whether the investigation is neutral and thoroughly. Grrahnbahr (talk) 16:03, 11 March 2014 (UTC)
Grranbahr: This issue was brought to us by another member of the community; the Commission has already investigated this case and reached its conclusions (as I indicated above).
The contact information for the Ombudsman Commission is listed here. OC does not have access to the OTRS by default, so if that ticket is pertinent to privacy issues, please submit a detailed request to the OC". Huji (talk) 20:14, 12 March 2014 (UTC)
I can confirm Huji's statement that another no-wikipedia-user (not me) already had registered a complaint with the OC when yours came, Grrahnbahr. BR Noorse (talk) 07:43, 13 March 2014 (UTC)
Sorry but none of the involved persons have been informed, so I would say that this check is not done. — Jeblad 00:35, 13 March 2014 (UTC)
@Tiptoety: Can you please see which queue owns Ticket:2014021710019366 and transfer it to a member of the OC who can respond.  — billinghurst sDrewth 02:12, 13 March 2014 (UTC)
I have taken care of this. Best, Tiptoety talk 02:31, 13 March 2014 (UTC)

Continued conversation of an active situation doesn't belong here on the talk page of the policy. We can transfer the whole slab of text to Talk:Ombudsman commission, or it can be taken off-line as suggested, if the conversation needs to continue.  — billinghurst sDrewth 02:06, 13 March 2014 (UTC)

I would like to add myself to the list of peoples that wants to know what is going on about this matter, as I was one of the people a high profile admin on nowiki made some claims about, and as those claims is what at least one of the people involved in the CU used as a reason for running the checks. Thanks for the understanding and forwarding the info to me. — Jeblad 00:43, 19 March 2014 (UTC)
@Jeblad: then contact the Ombudsman Commission. Posting on a policy talk page is not going to get the right privacy, nor is appropriate for notification.  — billinghurst sDrewth 16:07, 19 March 2014 (UTC)

It is clearly said that the page is policy, yet it is not clear what is the scope of this policy. Is it only for meta? Is it for some of the projects? Is it for all WMF projects? If it is not for all the projects, then it should be clearly said why some projetcs can violate the policy.

The scope is somewhat identified by "The tool is to be used to fight vandalism, to check for sockpuppet abuse, and to limit disruption of the project. It must be used only to prevent damage to any of Wikimedia projects." To me that identifies three roles where use is accepted; vandalism, sock puppet abuse, and disruption. Then it goes on to say "any of the Wikimedia projects". That means that any projects that are in violation of this must update their policy to reflect this.

Later on the policy says "The tool should not be used for political control; to apply pressure on editors; or as a threat against another editor in a content dispute. There must be a valid reason to check a user. Note that alternative accounts are not forbidden, so long as they are not used in violation of the policies (for example, to double-vote or to increase the apparent support for any given position)." In short that it should not be used for control, pressure or threat, and that "alternative accounts are not forbidden". Use of the tool for such purposes are in violation of the policy.

Due to this I find it very strange that CU is used on nowiki for these purposes, which is clearly in breach of the policy. It is used for applying control, pressure and threats, on users that has alternate accounts but without vandalism, abuse or disruption. And when complaints are rised there are no CU abuse? Sorry but I don't understand this. How can this be? What is so special at nowiki that such abuse is accepted? Is this a Wikimedia-wide policy or not? If not then it should be rewritten or even deleted altogether. — Jeblad 13:37, 22 March 2014 (UTC)

... and? Your two options here are to discuss this with the Ombudsman Commission, WMF, or the Wikimedia Board of Trustees, or follow local procedures for removal of a CheckUser, should the community no longer trust them. Writing long blocks of text on this page will not resolve the issues. --Rschen7754 08:06, 23 March 2014 (UTC)
Either this page is the current policy and it governs all projects or it is not. According to the present precedent it is not a project-wide policy and should be rewritten. — Jeblad 00:34, 24 March 2014 (UTC)

That's enough. You have been told repeatedly where you can raise these concerns, and you insist on bringing them to the wrong venue, where nobody can do anything about them. Therefore, I am closing this thread. --Rschen7754 00:37, 24 March 2014 (UTC)

The above discussion is preserved as an archive. Please do not modify it. Subsequent comments should be made in a new section.

Small clarification

I submit that this checkuser policy should not say "Stewards - upon request" unless they only have that right upon request, which does not seem to be the case. Rather, it should say "Stewards" or better yet "Stewards" plus something that's accurate - e.g. that stewards self-grant local checkuser access on meta only for a brief time, because that maximizes transparency. See ENWP discussion --Elvey (talk) 21:59, 27 May 2014 (UTC)


Hi. According to this policy it is possible to lose flag because inactivity. However, in es:WP there is some CU inactives and they didn´t loose them. An admin told me than "is not clear what it means "inactive" according to this policy". So I ask: what "inactive" exactly means? Thanks. --Ganímedes (talk) 09:13, 11 November 2014 (UTC)

Basic editing would be my understanding of inactive, though there are other measures that would be looked at to making a determination, eg. they may be running CU checks or undertaking actions that are not editing, so a common explanation of activity should be interpreted for the purposes of alerting your community. If you have concerns over actvity of esWP checkusers then please bring it to the notice of your admins/crats/CUs and they can do the leg work and notify stewards accordingly. Having two or more checkusers should allow for them to monitor each other.  — billinghurst sDrewth 11:52, 11 November 2014 (UTC)
Basically you're saying that someone could be CU indefinetely only doing edits, no matter he didn´t check nothing in several years. Is that correct? --Ganímedes (talk) 17:48, 12 November 2014 (UTC)
No, the CU policy isn't clear regarding inactivity - so he advices you to go back to the community. You could, for example, begin a de-RfCU there. Though I agree the policy should be clarified soon about this point. It was set up when we didn't have that many CUs and it's not yet up to date anymore. We should have some clarification; maybe I'll set up a RFC about it soon. Maybe this answer helps? With regards, Trijnsteltalk 18:24, 12 November 2014 (UTC)
I am indicating that there are many measures of inactivity and numbers of them can be used. There are a number of means to investigate, however, the first in this case would be from within the community, and allow the discussion to take place. CU checks should only be undertaken when they are needed, not as a means to retain the tool. As multiple CUs are needed within a community to retain the right, you may find that one is more active and undertakes more/first checks, and the others act as review, they may participate in discussions about the data (which is confidential and can only be shared by those with the right). So, I am saying we can measure "inactive" in numbers of ways, and this becomes a discussion, not solely regarded as a specific measure. In the end, they are appointed by the community, and can be removed by the community, and you can all suggest in a mature discussion the means forward.  — billinghurst sDrewth 00:57, 13 November 2014 (UTC)
(In my opinion we have to use edit count. We should not encourage looking at private information without good reason; CheckUsers should not lose rights just because not enough requests for checks have been done).--Jasper Deng (talk) 18:58, 12 November 2014 (UTC)
And what if someone has been a CU for years, without having performed even 1 CU while they still edit regularly? (And yes, I know this happens.) Trijnsteltalk 19:12, 12 November 2014 (UTC)
As long as they don't abuse it, though being unresponsive to valid CU requests would be a separate problem in and of itself.--Jasper Deng (talk) 23:26, 12 November 2014 (UTC)
It depends on the wiki, really. Some enwiki arbs never CU, but they are expected to hold it, whereas there are CUs on other wikis (I can think of two right now) who show up and make 4 edits a year to their userspace and then leave for the next year. --Rschen7754 02:30, 13 November 2014 (UTC)
If those communities are comfortable with that as a display of activity, then I am not really certain that others can do or say much, it is activity. One could still call less than a handful of edits as inactive for a person in that role. Still the issue is about any harm from action or inaction, and each community's needs.  — billinghurst sDrewth 05:21, 13 November 2014 (UTC)
Well, they still retain access to private information, including a subscription to checkuser-l, and the CU wiki, so I'm not entirely sure that a completely detached approach is a good idea. --Rschen7754 06:06, 13 November 2014 (UTC)
Also: I think that maybe the policy should be changed to 6 months inactive, and keep it as no logged actions/no edits - it would catch most of the CUs who are completely tuned out from Wikimedia. --Rschen7754 04:18, 13 November 2014 (UTC)
How about inactivity as "12 (or 6 as Rschen7754 proposed above) months with no edits, no publicly-viewable logged actions, no formal community approval with the same consensus level and procedure as in appointment"? I expect monitoring-only CUs would have no problem with fulfilling the last condition (ArbCom approval or a new election), when needed. Also, it might be a good idea to make it explicit that this is a minimum standard for necessary activity levels, and that local communities may have a stricter policy on inactivity than this. whym (talk) 13:53, 16 November 2014 (UTC)

This topic has been raised at least two times before: 1, 2. My preference is to understand activity widely, not limited just to CU; otherwise we will force users to make use of the CU tool just to keep the right, which would be contrary to the spirit of this policy, as CU should be a tool of last resort (I agree with Jasper Deng above). However I'd support a clarification and probably a whole update to this policy for which I support Trijnstel's idea to open a RFC. Best regards. — M 15:55, 16 November 2014 (UTC)

It's unpleasant and uncomfortable force someone to use the tool, yes, but in the other hand this is not a flag like rest; it gives access to private information and should be carefully handle, I think. Thanks for interest. --Ganímedes (talk) 18:18, 21 November 2014 (UTC)
@Ganímedes: your enquiry was raised among checkusers and stewards, and there is some discussion about your concerns. There is a range of views, though my personal feeling is that some level of reassurance from checkusers to communities about how they review activity.  — billinghurst sDrewth 05:32, 22 November 2014 (UTC)