[Foundation-l] check user...
Robert Horning
robert_horning at netzero.net
Sat Mar 31 17:45:30 UTC 2007
Gregory Maxwell wrote:
>
> I'll revise my position based on Aphaia's comment below:
> "I think that being at least the age of majority in their country of
> residence is important".
>
> Checkusers are in a somewhat unique position to cause irreversible
> harm and cause legal problems for themselves and the foundation. As
> such they should be old enough to assume legal responsibility for
> their actions.
>
> Just be glad that I'm not also suggesting that checkusers be insured. ;)
>
I disagree that the damage that somebody using checkuser privileges is
necessarily irreversible and necessarily causes too many legal problems
"for themselves and the foundation." There is obviously an extreme case
or two where this may be the case, but on the whole I can't really see
where revealing the IP address of a user is necessarily going to be a
major problem. At best, the worst damage that can happen is to document
what computer an edit actually took place on. Only with 3rd party
records would it even be remotely possible to tie this with a specific
individual.
In addition, any user, including anonymous users, can trace the IP
addresses of many of the contributors to Wikimedia projects.... that is
the default log-in type. And accidental disclosure of IP addresses is
almost inevitable for most users, especially if you accidentally make an
anonymous IP edit because the cookie in your browser has expired (it has
for me on a couple of occasions). For example (and I mention this
because he also did one of these accidental disclosures and later noted
this IP address explicitly) Richard Stallman of the Free Software
Foundation fame is also [[w:User:Rmstallman]], and by only accessing
Wikipedia by anonymous status (I wasn't even logged into my Wikipedia
account), I can find out that at least one of the IP addresses he has
used to edit Wikipedia was with 128.30.16.48
See
http://en.wikipedia.org/w/index.php?title=Richard_Stallman&offset=20060117021941&limit=500&action=history
Mr. Stallman in this case claims these IP edits as his own in a public
manner, so in this case I don't think this is improper disclosure. But
it is illustrative of how people without checkuser privileges could still
obtain this information.
I know that similar kinds of revelations of IP address can also be done
with my own account. Or at least make a very strong circumstantial case
where all you would have to ask the WMF or a "check user" would be
something like "Could you confirm that address 10.44.44.22 is being used
by User:Jimbo Wales?" Even if the WMF doesn't disclose this
information, an investigator familiar with Wikimedia projects is very
likely to be able to get this kind of information of a sufficient
quantity that all of the protections of the check user privileges are
essentially moot for users who have made a huge number of entries into
Wikimedia projects.
I would further note that the discussions of trying to protect an
anonymous user in China writing something critical of the Chinese
government are also moot, as that government can make a formal request
to have that information revealed, and WMF policy is explicit to grant
that kind of request.
I should note here that I'm not asking for checkuser privileges to be
made available to all unregistered users, but I believe that the
paranoia over how dangerous an individual could be even if they made a
deliberate and conscious effort to disclose IP addresses for many users
is way overstated. By giving this user scan ability to people who are
otherwise considered trusted users on Wikimedia projects, for example
admins and bureaucrats (I've long challenged that all bureaucrats should
have this as a default ability), I fail to see what real damage is going
to happen.
If a 10-year-old has been given bureaucrat privileges on a Wikimedia
project, I would be very surprised. It may also present some
interesting legal problems for the WMF in terms of liability for that
user's actions, but I also believe that any such user who has achieved
that level of trust in a particular project is going to have a level of
maturity to keep from abusing the checkuser tool as well.
-- Robert Horning