M. Creidieki Crouch wrote:
David Gerard wrote:
- it would be utterly poisonous to the community. Merely being
checked on would be seen as a black mark (c.f. geni's attacks on Kelly Martin's character in this thread).
I think that this danger would be minimized if the admin explained the reason for the check, ideally with a link to something that would be considered "reasonable evidence".
Even then, it's much easier to not violate it and not cause trouble in the community by not making the log public. It's hard to run afoul of the privacy policy by doing your very best imitation of a [[Magic 8-ball]].
This is not ideal. I recently misidentified [[User:TheChief]] as [[User:Agriculture]]. It was highly questioned but I couldn't answer most of the questions people were asking so as to substantiate the match as I simply wasn't allowed to do so. Eventually someone else spotted that they had close-together edits at widely disparate geographical locations. (I'd done a time-IP chart myself, but evidently missed that one.) Which is not hard (if I wanted I could show an IP record of me flitting from Australia to Wisconsin to London in five minutes, all through legitimate accounts), but is very far from common, so I called it "not a match."
It's all a tricky one. Saying "'cos I say so" really doesn't go down well, but it's often the only answer I can give. Getting second opinions from other checkers can help, though that certainly isn't going to become routine. (I'm sure *requests* for it will ...)
- It's a sysadmin level function, allowing certain people to assist
the devs so they can get on with running the actual servers. No-one using a website can seriously expect the sysadmins will *not* check their IP, usage patterns, etc. as is necessary for good functioning of the site.
I'm worried about "you should have expected it" as a rationale for revealing personal information, but perhaps.
It's not *revealing* the personal information - that's what's *not* happening. It's *having someone look at it at all*. No-one can reasonably expect the people running a site will never look at the usage in as close detail as is needed.
What they *can* expect is that the data will be confidential per the privacy policy. At present, all those on en: with it are arbitrators. (I also asked for Linuxbeak and Fvw to get it, but the board is presently happier with just the AC having it. That's fine, 'cos Linuxbeak and Fvw know they need only ask if they have some heavy-duty vandals that need tracking. In the last few weeks I ran a pile of checks for Linuxbeak tracking Jarlaxle and MARMOT, for instance, and some time tracking [[User:SuperTroll]].)
I got the power at all because the devs didn't have time to give the AC the checks it needed (they're busy running the site and writing the software) and I was on the AC and knew my way around a network. The AC are people trusted not to fuck up Wikimedia's policies, ways of doing things and internal and external image and so forth, so were considered suitable for the confidential information. They also know how good and bad editors work, and the social structure of the wiki. So we picked some of them that can find their way around a network (the technical consideration). You'd typically find the technical skills in a sysadmin, for example (there's lots on Wikipedia). I picked up mine tracking Usenet and email spammers for my own amusement ;-)
(And just to cross-thread: this is a good example of something that people shouldn't even be thinking of voting on, any more than you'd vote for root or MediaWiki lead. [[m:Voting is evil (and stupid)]] )
- There's a log the other checkuser users can see and keep an eye on
each other. If you react "ZOMG CABAL!!!", you can say that to the devs next, because they can check this stuff too, and do as they see fit. With no logs at all.
Does this log contain explanations or comments on why a specific check was done? This certainly would prevent an admin from doing a check on everyone they came in contact with. But if you see one or two checks a week on users you've never heard of, are you going to track down the admin and ask about it?
It just has lines like:
* 15:54, 10 July 2005 David Gerard got IPs for David Gerard * 15:55, 10 July 2005 David Gerard got edits for 82.153.102.255
(that's me looking up my own name and then one of the IPs.)
Note that it's not "admins". It's not every admin having access to this. It's a (deliberately) very small pool of people.
I'm sorry to be contributing to the already-long discussion against this. I'm not at all convinced that checkuser is a bad idea. But I want to make sure that we've thought about the best way of implementing it.
It gives sensitive information, but it doesn't actually give a huge amount.
* I'll typically be found on two static IPs and one that's dynamic but changes slowly. * Someone else might be on dialup and have their IP for any given session be anywhere in a /12, which is 1,048,576 possible addresses, in which case you have to understand social aspects of the wiki (usage patterns and what sort of things sockpuppeteers tend to do) to declare a "possible match" or "likely match" or whatever. * Someone else might be on AOL, where each *page view* might use a different AOL proxy, in which case you can stop the check right there because you can't say anything other than "is on AOL" (which is 22% of the US internet, so generally wouldn'tt really count as revealing personal information). * Someone else might have their username using IPs from all over the world in close succession ... in which case it's a good guess that the IPs are open proxies and the user is hopping about on them to evade detection.
This sort of thing is why a software version that just gives "MATCH", "NEAR MATCH" or "NO MATCH" or whatever is not possible (and again, if someone thinks it is, show us the code and show us it works well enough). It takes a human who knows the little ways of the Internet and the little ways of good and bad editors to make sense of the little information you get from knowing what IP a given user made a given edit from.
Any more questions, anyone?
- d.