David,
I appreciate your comments. It's quite possible that you're right,
and that having these logs available would be more trouble than it's
worth.
A. 1. It would be a gross and blatant violation of the
privacy policy.
Note that your privacy is not being breached by having a developer or
a checkuseruser look up your IP, but only by it being revealed.
I wasn't suggesting that the *result* of the check be available on the
public log. Simply the admin's username, the user who was checked,
the timestamp, and the admin's stated reason.
2. it would be utterly poisonous to the community.
Merely being
checked on would be seen as a black mark (c.f. geni's attacks on Kelly
Martin's character in this thread).
I think that this danger would be minimized if the admin explained the
reason for the check, ideally with a link to something that would be
considered "reasonable evidence".
3. It's a sysadmin level function, allowing
certain people to assist
the devs so they can get on with running the actual servers. No-one
using a website can seriously expect the sysadmins will *not* check
their IP, usage patterns, etc. as is necessary for good functioning of
the site.
I'm worried about "you should have expected it" as a rationale for
revealing personal information, but perhaps.
4. There's a log the other checkuser users can see
and keep an eye on
each other. If you react "ZOMG CABAL!!!", you can say that to the devs
next, because they can check this stuff too, and do as they see fit.
With no logs at all.
Does this log contain explanations or comments on why a specific check
was done? This certainly would prevent an admin from doing a check on
everyone they came in contact with. But if you see one or two checks
a week on users you've never heard of, are you going to track down the
admin and ask about it?
I'm sorry to be contributing to the already-long discussion against
this. I'm not at all convinced that checkuser is a bad idea. But I
want to make sure that we've thought about the best way of
implementing it.
-- Creidieki