David,
I appreciate your comments. It's quite possible that you're right, and that having these logs available would be more trouble than it's worth.
A. 1. It would be a gross and blatant violation of the privacy policy. Note that your privacy is not being breached by having a developer or a checkuseruser look up your IP, but only by it being revealed.
I wasn't suggesting that the *result* of the check be available on the public log. Simply the admin's username, the user who was checked, the timestamp, and the admin's stated reason.
- it would be utterly poisonous to the community. Merely being
checked on would be seen as a black mark (c.f. geni's attacks on Kelly Martin's character in this thread).
I think that this danger would be minimized if the admin explained the reason for the check, ideally with a link to something that would be considered "reasonable evidence".
- It's a sysadmin level function, allowing certain people to assist
the devs so they can get on with running the actual servers. No-one using a website can seriously expect the sysadmins will *not* check their IP, usage patterns, etc. as is necessary for good functioning of the site.
I'm worried about "you should have expected it" as a rationale for revealing personal information, but perhaps.
- There's a log the other checkuser users can see and keep an eye on
each other. If you react "ZOMG CABAL!!!", you can say that to the devs next, because they can check this stuff too, and do as they see fit. With no logs at all.
Does this log contain explanations or comments on why a specific check was done? This certainly would prevent an admin from doing a check on everyone they came in contact with. But if you see one or two checks a week on users you've never heard of, are you going to track down the admin and ask about it?
I'm sorry to be contributing to the already-long discussion against this. I'm not at all convinced that checkuser is a bad idea. But I want to make sure that we've thought about the best way of implementing it.
-- Creidieki