Re: [WikiEN-l] RFCU security (was Ryulong blocked ALL accounts)

List overview All Threads
Download

newer

older

Re: [WikiEN-l] Analysis of BLP...

Comic strip commentary

Info Control

20 Apr 2007 20 Apr '07

11:10 a.m.

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

On 4/20/07, Tony Sidaway <tonysidaway(a)gmail.com> wrote:

I hope the checkusers have investigated this affair for possible abusive socking).

I hope that any checkusers abusing the privacy of their peers with undocumented, out of policy, out of bounds, and wrong use of the tool would be hauled in front of ArbCom and/or desysopped/banned.

Just for the ediifcation of those who do not know, why is it there is no public record of who ran what RFCU IP check? Shouldn't people be entitled to know if their privacy was for possible undocumented searches exposed? I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor. What recourse do users in good standing have to find out if their IP information was viewed?

Show replies by date

David Gerard

20 Apr 20 Apr

11:16 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 20/04/07, Info Control <infodmz(a)gmail.com> wrote:

...

Because that would expose them to idiots claiming a check was itself a black mark against them. CheckUser is essentially a system administrator level function which some trusted and technically competent editors can do because it saves bugging the devs. And system administrators can and will check all and any logs they feel they need to at any time. But you know what? Without good reason, they don't tell.

...

I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor. What recourse do users in good standing have to find out if their IP information was viewed?

They don't. Having been checked doesn't violate your privacy. - d.

Anthony

11:34 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, David Gerard <dgerard(a)gmail.com> wrote:

...

On 20/04/07, Info Control <infodmz(a)gmail.com> wrote:

Because that would expose them to idiots claiming a check was itself a black mark against them.

What if the information was only given to the person being checked?

...

They don't. Having been checked doesn't violate your privacy.

Sure it does. It reveals private information to the person doing the check. Anthony

Info Control

11:59 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Anthony <wikilegal(a)inbox.org> wrote:

...

What recourse do users in good standing have to find out if their IP information was viewed?

They don't. Having been checked doesn't violate your privacy.

Sure it does. It reveals private information to the person doing the check.

This is partially my concern. One long-standing allegation and fear that runs about is that people can do RFCU on anyone, for any reason. What legitimate reason could there be for EVER using the Check user tool beside presented evidence of sockpuppetry? A record that said: * David Gerard 01:00:00 checkuser MrEditor Would reveal nothing of any harm. If it was an inappropriate check without backing documentation it would be a black mark vs. the check user, not the editor as you suggest. ;) Having a public record of who ran what would keep the watchers honest, of course. Is that a bad thing?

Silas Snider

12:04 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

On 4/20/07, Anthony <wikilegal(a)inbox.org> wrote:

What recourse do users in good standing have to find out if their IP information was viewed?

They don't. Having been checked doesn't violate your privacy.

Sure it does. It reveals private information to the person doing the check.

This is partially my concern. One long-standing allegation and fear that runs about is that people can do RFCU on anyone, for any reason.

Ooh! Idea! What if we were able to change the software so that users could see if they (but no one else) had been checkusered, and by whom? Sincerely, Silas Snider -- -------------------------------------------------------------------------- Silas Snider is a proud member of the Association of Wikipedians Who Dislike Making Broad Judgements About the Worthiness of a General Category of Article, and Who Are In Favor of the Deletion of Some Particularly Bad Articles, but That Doesn't Mean They are Deletionist (AWWDMBJAWGCAWAIFDSPBATDMTD) , and the Harmonious Editing Club of Wikipedia. --------------------------------------------------------------------------

Matthew Brown

1:34 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

Having a public record of who ran what would keep the watchers honest, of course. Is that a bad thing?

Yes. It would be a violation of the checked user's privacy and probably the Foundation's privacy policy. For one thing, it would be possible in some cases to work out, by comparison with other nearby checks from the same checkuser, to work out who someone was suspected of being a sock of (very damaging if the checkuser actually cleared them of it). Also, people would draw incorrect inferences from examination of this partial data. -Matt

Tony Sidaway

5:30 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

One long-standing allegation and fear that runs about is that people can do RFCU on anyone, for any reason.

This isn't quite true. There does have to be "a valid motive to check a user". The suspicion that multiple socks are being used to escalate a discussion into a lynch mob is a valid motive.

Info Control

5:45 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Tony Sidaway <tonysidaway(a)gmail.com> wrote:

...

This isn't quite true. There does have to be "a valid motive to check a user". The suspicion that multiple socks are being used to escalate a discussion into a lynch mob is a valid motive.

Do you think there would be harm in disclosing the usage patterns of Checkusers? e.g., who is running them with what frequency? If yes, what harm? The positives would appear to be a level of public accountability for such a critical access. People should have a right to know if they were checkusered--if not, how else could they lodge a complaint for review of the same? Note, for example, that Slimvirgin filed a complaint with the Foundation n regard to Kelly Martin using Checkuser on her in 2006. Such recourse for users and method of notification that their information was reviewed needs to exist.

David Gerard

21 Apr 21 Apr

1:11 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 20/04/07, Info Control <infodmz(a)gmail.com> wrote:

...

Note, for example, that Slimvirgin filed a complaint with the Foundation n regard to Kelly Martin using Checkuser on her in 2006. Such recourse for users and method of notification that their information was reviewed needs to exist.

As I noted just a short while ago: http://meta.wikimedia.org/wiki/Ombudsman_commission They watch the watchmen. - d.

Tony Sidaway

20 Apr 20 Apr

6 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

A record that said: * David Gerard 01:00:00 checkuser MrEditor Would reveal nothing of any harm.

Actually I think it would. I won't labour the point, though. We have an ombudsman commission which is charged with offering "...a sympathetic ear to those reporting an abuse of the Wikimedia Foundation privacy policy..." http://meta.wikimedia.org/wiki/Ombudsman_commission http://wikimediafoundation.org/wiki/Resolution:Ombudsperson_checkuser

Mark Wagner

6:08 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

A record that said: * David Gerard 01:00:00 checkuser MrEditor Would reveal nothing of any harm.

No, but a record that said * David Gerard 01:00:00 checkuser MrEditor * David Gerard 01:01:24 checkuser 192.168.23.6 * David Gerard 01:02:15 checkuser 192.168.23.57 * David Gerard 01:02:58 checkuser Willy on Wheels would indicate that he probably edits from the 192.168.23.0 IP range, and that he's suspected of being a reincarnation of Willy on Wheels. -- Mark [[User:Carnildo]]

Ron Ritzman

21 Apr 21 Apr

8:43 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

What legitimate reason could there be for EVER using the Check user tool beside presented evidence of sockpuppetry?

I can think of one. That supposedly "retired" admin who recently deleted the main page and blocked a whole bunch of account including Jimbo, a checkuser could possibly be used to tell if his account had been hacked into or if he himself just went bat shit crazy.

David Gerard

9:04 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 21/04/07, Ron Ritzman <ritzman(a)gmail.com> wrote:

...

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote:

...

> What legitimate reason could there be for EVER using the Check user tool > beside presented evidence of sockpuppetry?

...

Vandal/troll accounts are frequently checked. It's helped root out many nests of 0wnz0r3d server boxes, for instance, or to establish that a given vandal is an already-known problem vandal. Being checked is not a privacy violation unless and until information is revealed in a way that's a privacy violation. Wikipedia is not an anonymising service, and anyone who thinks it can or should be treated as one is simply being foolish. - d.

Andrew Gray

20 Apr 20 Apr

1:39 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 20/04/07, Info Control <infodmz(a)gmail.com> wrote:

...

On 4/20/07, Info Control <infodmz(a)gmail.com> wrote: > > On 4/20/07, Tony Sidaway <tonysidaway(a)gmail.com> wrote: > > > > I hope the checkusers have > > investigated this affair for possible abusive socking). > > I hope that any checkusers abusing the privacy of their peers with > undocumented, out of policy, out of bounds, and wrong use of the tool would > be hauled in front of ArbCom and/or desysopped/banned.

As an aside, this could have been an entirely legitimate point to do such a check. Half a dozen editors all editing on the same topic, with no previous histories, arguing on the same side, and with interestingly correlated edit times. Not to find out who the editors "behind it" were, but to find out if there were in fact six seperate editors - or just one troublemaker trying to play silly buggers. Because if it *is* the latter - and it appears possible - then it is a very bad thing; it's someone wilfully and maliciously trolling and trying to screw the consensus their way.

...

Your privacy is exposed when the data is announced publicly. It is not exposed by internal, secure, unpublished checks; indeed, it can be argued that exposing the logs of who checked what is going to reveal the private data indirectly.

...

I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor.

This is relevant why? Those people never had access to IP data. -- - Andrew Gray andrew.gray(a)dunelm.org.uk

Matthew Brown

3:22 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Andrew Gray <shimgray(a)gmail.com> wrote:

...

I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor.

This is relevant why? Those people never had access to IP data.

Checkusers, in fact, have to identify themselves to the Foundation and must agree to follow the Foundation's privacy policy. There's a good reason why standard adminship doesn't come with the Checkuser feature. -Matt

MacGyverMagic/Mgm

4:11 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, Matthew Brown <morven(a)gmail.com> wrote:

...

On 4/20/07, Andrew Gray <shimgray(a)gmail.com> wrote:

> I ask as least *one* administrator is documented to have been active

> Wikitruth, and at least one former admin (Everyking) is a Wikipedia

Review

editor.

This is relevant why? Those people never had access to IP data.

Yes and that's exactly why such things aren't published -- to protect your privacy. Mgm

Info Control

4:24 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 4/20/07, MacGyverMagic/Mgm <macgyvermagic(a)gmail.com> wrote:

...

Yes and that's exactly why such things aren't published -- to protect your privacy.

I am (obviously) all for privacy, but my concern is that at least once the Foundation has been deceived quite heavily about the identity of at least one Checkuser level person. Also, publishing some form of released information would be of tremendous assurance. Perhaps it ought to be disclosed then, when a person uses Checkuser, if not who they ran it against? That would alleviate concerns about the privacy of editors, and add a layer of public scrutiny and accountability to the people with the ability to CU--if one person was (in theory) farming for information vs. users, the patterns would be visibly evident. "Why is such and such running so many CUs without documenting ANY findings publically?" could then be reviewed by community oversight. I fail to comprehend why the usage of the tool in some fashion shouldn't be disclosed, if doing so does not put at risk any private editor data. The actions *with* the tool, of the CU users themselves, obviously should not be private any more than the standard Administrative logs are. If AdminX is running multiple CU lookups per day, people should be entitled to know this.

David Gerard

21 Apr 21 Apr

1:09 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 20/04/07, Info Control <infodmz(a)gmail.com> wrote:

...

I am (obviously) all for privacy, but my concern is that at least once the Foundation has been deceived quite heavily about the identity of at least one Checkuser level person.

If you mean Essjay, no, he identified himself to the foundation. If you mean something else ... look, say who you're talking about when you talk about this stuff. Vagueness doesn't help this discussion.

...

Also, publishing some form of released information would be of tremendous assurance. Perhaps it ought to be disclosed then, when a person uses Checkuser, if not who they ran it against? That would alleviate concerns about the privacy of editors, and add a layer of public scrutiny and accountability to the people with the ability to CU--if one person was (in theory) farming for information vs. users, the patterns would be visibly evident. "Why is such and such running so many CUs without documenting ANY findings publically?" could then be reviewed by community oversight.

Because much of it doesn't require public documenting, or isn't appropriate. Remember: WP:RFCU was invented to stop people bugging the checkers personally; it's in no way a mandatory part of the checking process. Quite the opposite.

...

I fail to comprehend why the usage of the tool in some fashion shouldn't be disclosed, if doing so does not put at risk any private editor data. The actions *with* the tool, of the CU users themselves, obviously should not be private any more than the standard Administrative logs are. If AdminX is running multiple CU lookups per day, people should be entitled to know this.

I typically run multiple CU lookups a day. And now you know as much as you did before. - d.

Conrad Dunkerson

7:46 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

* Info Control wrote:

...

I agree. The checkuser policy has always said that access will be removed "if checks are done routinely on editors without a serious motive to do so (links and proofs of bad behavior should be provided)"... yet given that people often don't know when they've been checked this seems meaningless. How would such a thing, which the foundation itself describes as abuse requiring removal of access, ever be uncovered? Is there someone going through the checkuser logs and reviewing each to verify that it was valid? I doubt it and would hope not as it would be a tremendous waste of time better spent elsewhere. The USUAL way that we uncover problems is that someone says, 'hey, you should not have done that!'... and if a dozen other people say, 'hey yeah... he did the same thing to me' then we look into it. We should not be espousing the high ideal that we will remove access from anyone who abuses it by running checks without "serious motive" requiring "links and proofs of bad behaviour"... while then making it impossible (for all practical purposes) to ever detect such abuse. There has been at least one past kerfluffle about an unjustified check amongst the very small circle of users who DO have access to the checkuser logs. If everyone had access to see they they, and ONLY they, had been checkusered we'd obviously get alot more complaints... but what if some of them are valid? IMO, if you set up a system with no oversight it WILL be abused. Every time. If you somehow limit the access only to saints who will never do the least thing wrong... the fact that no one can check that will still inevitably lead people to BELIEVE it is being abused. The only way to prevent abuse and the perception of abuse is to allow people to see what is being done. Since this is private information we'd obviously not release it publicly, but the only reason not to release it to the people actually checked is to avoid complaints. And that's never a good excuse.

David Gerard

8:13 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 21/04/07, Conrad Dunkerson <conrad.dunkerson(a)att.net> wrote:

...

This appears to be putting the cart before the horse, i.e. making detection of violations easier at the expense of causing violations. If it's no shame to show up in a CheckUser log, why are people shitting themselves at the idea?

...

There has been at least one past kerfluffle about an unjustified check amongst the very small circle of users who DO have access to the checkuser logs. If everyone had access to see they they, and ONLY they, had been checkusered we'd obviously get alot more complaints... but what if some of them are valid?

I'm unaware of the kerfuffle you're speaking of. Details? - d.

Conrad Dunkerson

6:17 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

* David Gerard wrote:

...

This appears to be putting the cart before the horse, i.e. making detection of violations easier at the expense of causing violations.

The only way that statement makes any kind of sense to me would be if you were assuming that checkuser logs would be made public. That's obviously a bad idea. However, there would obviously be no breach of privacy in allowing users to see checkuser requests run on THEMSELVES. That would make 'detection of violations easier' without 'causing violations'.

...

If it's no shame to show up in a CheckUser log, why are people shitting themselves at the idea?

Strawman. I know for certain that there have been checkuser requests run on my account and I'm not 'shitting myself' about it. I've been posting to online forums under my real name for decades and have a list of IP addresses I've used in the past right on my user page... so there aren't exactly alot of 'privacy' matters which anyone could 'reveal' about me which aren't publicly accessible in the first place. However, as a matter of general principle - humans are both fallible and suspicious. Any power which is entrusted to humans is guaranteed to be abused from time to time... and any power which is wielded in secret is guaranteed to arose suspicion. IMO those are immutable facts of human nature. So why have a system which serves to perpetuate both?

...

I'm unaware of the kerfuffle you're speaking of. Details?

Best not to drag old conflicts back out into the present. I'll send you the details privately.

David Gerard

6:33 p.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 21/04/07, Conrad Dunkerson <conrad.dunkerson(a)att.net> wrote:

...

* David Gerard wrote:

...

> This appears to be putting the cart before the horse, i.e. making > detection of violations easier at the expense of causing violations.

...

Hmm, possibly. I'm trying to work out a way of doing this that wouldn't involve "and after you run the check, edit these five pages." It's got to be automatic in the tool.

...

However, as a matter of general principle - humans are both fallible and suspicious. Any power which is entrusted to humans is guaranteed to be abused from time to time... and any power which is wielded in secret is guaranteed to arose suspicion. IMO those are immutable facts of human nature. So why have a system which serves to perpetuate both?

Yes, I do see your point ... I'm wondering what the actual current need is. Checkusers do look at each other's logs and there's the ombudsmans, who can look at the logs as they wish.

...

> I'm unaware of the kerfuffle you're speaking of. Details?

...

Best not to drag old conflicts back out into the present. I'll send you the details privately.

(looking at private mail) I vaguely recall that one, OK. - d.

Andrew Gray

22 Apr 22 Apr

9:19 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 21/04/07, David Gerard <dgerard(a)gmail.com> wrote:

...

Hmm, possibly. I'm trying to work out a way of doing this that wouldn't involve "and after you run the check, edit these five pages." It's got to be automatic in the tool.

Email notification? If the user-who-is-checked is has an email, they get an email generated to their address saying so and with a handy explanation. -- - Andrew Gray andrew.gray(a)dunelm.org.uk

David Gerard

9:53 a.m.

New subject: RFCU security (was Ryulong blocked ALL accounts)

On 22/04/07, Andrew Gray <shimgray(a)gmail.com> wrote:

...

On 21/04/07, David Gerard <dgerard(a)gmail.com> wrote:

...

> Hmm, possibly. I'm trying to work out a way of doing this that > wouldn't involve "and after you run the check, edit these five pages." > It's got to be automatic in the tool.

...

Email notification? If the user-who-is-checked is has an email, they get an email generated to their address saying so and with a handy explanation.

This should lead to wild fun. "Why did you check me?!" "Can't tell you, sorry." "This is a privacy violation!" "Not when I didn't tell anyone." "YUO ARE A ROUGE CHECKUSeR!!" "Um, no I'm not. But you can ask these guys to go over it if you're sure I am." [ wait a month due to huge ombudsman queue ] "No really, he's not." So far this is all striking me as "we must do something, this is something, therefore we must do this" rather than anything that will actually be productive. It's not clear what can be done with the function existing at all that will meaningfully deal with the apparent fears and problems. Someone is going to be able to look. It's not just the few devs with database access because they don't scale. - d.

6236

days inactive

6238

days old

wikien-l@lists.wikimedia.org

Manage subscription

23 comments

11 participants

tags (0)

participants (11)

Andrew Gray
Anthony
Conrad Dunkerson
David Gerard
Info Control
MacGyverMagic/Mgm
Mark Wagner
Matthew Brown
Ron Ritzman
Silas Snider
Tony Sidaway