On 4/20/07, Info Control infodmz@gmail.com wrote:
On 4/20/07, Tony Sidaway tonysidaway@gmail.com wrote:
I hope the checkusers have investigated this affair for possible abusive socking).
I hope that any checkusers abusing the privacy of their peers with undocumented, out of policy, out of bounds, and wrong use of the tool would be hauled in front of ArbCom and/or desysopped/banned.
Just for the ediifcation of those who do not know, why is it there is no public record of who ran what RFCU IP check? Shouldn't people be entitled to know if their privacy was for possible undocumented searches exposed?
I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor. What recourse do users in good standing have to find out if their IP information was viewed?
On 20/04/07, Info Control infodmz@gmail.com wrote:
Just for the ediifcation of those who do not know, why is it there is no public record of who ran what RFCU IP check? Shouldn't people be entitled to know if their privacy was for possible undocumented searches exposed?
Because that would expose them to idiots claiming a check was itself a black mark against them.
CheckUser is essentially a system administrator level function which some trusted and technically competent editors can do because it saves bugging the devs. And system administrators can and will check all and any logs they feel they need to at any time.
But you know what? Without good reason, they don't tell.
I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor. What recourse do users in good standing have to find out if their IP information was viewed?
They don't. Having been checked doesn't violate your privacy.
- d.
On 4/20/07, David Gerard dgerard@gmail.com wrote:
On 20/04/07, Info Control infodmz@gmail.com wrote:
Just for the ediifcation of those who do not know, why is it there is no public record of who ran what RFCU IP check? Shouldn't people be entitled to know if their privacy was for possible undocumented searches exposed?
Because that would expose them to idiots claiming a check was itself a black mark against them.
What if the information was only given to the person being checked?
I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor. What recourse do users in good standing have to find out if their IP information was viewed?
They don't. Having been checked doesn't violate your privacy.
Sure it does. It reveals private information to the person doing the check.
Anthony
On 4/20/07, Anthony wikilegal@inbox.org wrote:
What recourse do users in good standing have to find out if their IP information was viewed?
They don't. Having been checked doesn't violate your privacy.
Sure it does. It reveals private information to the person doing the check.
This is partially my concern. One long-standing allegation and fear that runs about is that people can do RFCU on anyone, for any reason.
What legitimate reason could there be for EVER using the Check user tool beside presented evidence of sockpuppetry?
A record that said:
* David Gerard 01:00:00 checkuser MrEditor
Would reveal nothing of any harm. If it was an inappropriate check without backing documentation it would be a black mark vs. the check user, not the editor as you suggest. ;)
Having a public record of who ran what would keep the watchers honest, of course. Is that a bad thing?
On 4/20/07, Info Control infodmz@gmail.com wrote:
On 4/20/07, Anthony wikilegal@inbox.org wrote:
What recourse do users in good standing have to find out if their IP information was viewed?
They don't. Having been checked doesn't violate your privacy.
Sure it does. It reveals private information to the person doing the check.
This is partially my concern. One long-standing allegation and fear that runs about is that people can do RFCU on anyone, for any reason.
Ooh! Idea! What if we were able to change the software so that users could see if they (but no one else) had been checkusered, and by whom?
Sincerely, Silas Snider
On 4/20/07, Info Control infodmz@gmail.com wrote:
Having a public record of who ran what would keep the watchers honest, of course. Is that a bad thing?
Yes. It would be a violation of the checked user's privacy and probably the Foundation's privacy policy. For one thing, it would be possible in some cases to work out, by comparison with other nearby checks from the same checkuser, to work out who someone was suspected of being a sock of (very damaging if the checkuser actually cleared them of it). Also, people would draw incorrect inferences from examination of this partial data.
-Matt
On 4/20/07, Info Control infodmz@gmail.com wrote:
One long-standing allegation and fear that runs about is that people can do RFCU on anyone, for any reason.
This isn't quite true. There does have to be "a valid motive to check a user". The suspicion that multiple socks are being used to escalate a discussion into a lynch mob is a valid motive.
On 4/20/07, Tony Sidaway tonysidaway@gmail.com wrote:
This isn't quite true. There does have to be "a valid motive to check a user". The suspicion that multiple socks are being used to escalate a discussion into a lynch mob is a valid motive.
Do you think there would be harm in disclosing the usage patterns of Checkusers? e.g., who is running them with what frequency? If yes, what harm?
The positives would appear to be a level of public accountability for such a critical access. People should have a right to know if they were checkusered--if not, how else could they lodge a complaint for review of the same?
Note, for example, that Slimvirgin filed a complaint with the Foundation n regard to Kelly Martin using Checkuser on her in 2006. Such recourse for users and method of notification that their information was reviewed needs to exist.
On 20/04/07, Info Control infodmz@gmail.com wrote:
Note, for example, that Slimvirgin filed a complaint with the Foundation n regard to Kelly Martin using Checkuser on her in 2006. Such recourse for users and method of notification that their information was reviewed needs to exist.
As I noted just a short while ago:
http://meta.wikimedia.org/wiki/Ombudsman_commission
They watch the watchmen.
- d.
On 4/20/07, Info Control infodmz@gmail.com wrote:
A record that said:
- David Gerard 01:00:00 checkuser MrEditor
Would reveal nothing of any harm.
Actually I think it would. I won't labour the point, though.
We have an ombudsman commission which is charged with offering "...a sympathetic ear to those reporting an abuse of the Wikimedia Foundation privacy policy..."
http://meta.wikimedia.org/wiki/Ombudsman_commission http://wikimediafoundation.org/wiki/Resolution:Ombudsperson_checkuser
On 4/20/07, Info Control infodmz@gmail.com wrote:
A record that said:
- David Gerard 01:00:00 checkuser MrEditor
Would reveal nothing of any harm.
No, but a record that said
* David Gerard 01:00:00 checkuser MrEditor * David Gerard 01:01:24 checkuser 192.168.23.6 * David Gerard 01:02:15 checkuser 192.168.23.57 * David Gerard 01:02:58 checkuser Willy on Wheels
would indicate that he probably edits from the 192.168.23.0 IP range, and that he's suspected of being a reincarnation of Willy on Wheels.
On 4/20/07, Info Control infodmz@gmail.com wrote:
What legitimate reason could there be for EVER using the Check user tool beside presented evidence of sockpuppetry?
I can think of one. That supposedly "retired" admin who recently deleted the main page and blocked a whole bunch of account including Jimbo, a checkuser could possibly be used to tell if his account had been hacked into or if he himself just went bat shit crazy.
On 21/04/07, Ron Ritzman ritzman@gmail.com wrote:
On 4/20/07, Info Control infodmz@gmail.com wrote:
What legitimate reason could there be for EVER using the Check user tool beside presented evidence of sockpuppetry?
I can think of one. That supposedly "retired" admin who recently deleted the main page and blocked a whole bunch of account including Jimbo, a checkuser could possibly be used to tell if his account had been hacked into or if he himself just went bat shit crazy.
Vandal/troll accounts are frequently checked. It's helped root out many nests of 0wnz0r3d server boxes, for instance, or to establish that a given vandal is an already-known problem vandal.
Being checked is not a privacy violation unless and until information is revealed in a way that's a privacy violation.
Wikipedia is not an anonymising service, and anyone who thinks it can or should be treated as one is simply being foolish.
- d.
On 20/04/07, Info Control infodmz@gmail.com wrote:
On 4/20/07, Info Control infodmz@gmail.com wrote:
On 4/20/07, Tony Sidaway tonysidaway@gmail.com wrote:
I hope the checkusers have investigated this affair for possible abusive socking).
I hope that any checkusers abusing the privacy of their peers with undocumented, out of policy, out of bounds, and wrong use of the tool would be hauled in front of ArbCom and/or desysopped/banned.
As an aside, this could have been an entirely legitimate point to do such a check. Half a dozen editors all editing on the same topic, with no previous histories, arguing on the same side, and with interestingly correlated edit times. Not to find out who the editors "behind it" were, but to find out if there were in fact six seperate editors - or just one troublemaker trying to play silly buggers. Because if it *is* the latter - and it appears possible - then it is a very bad thing; it's someone wilfully and maliciously trolling and trying to screw the consensus their way.
Just for the ediifcation of those who do not know, why is it there is no public record of who ran what RFCU IP check? Shouldn't people be entitled to know if their privacy was for possible undocumented searches exposed?
Your privacy is exposed when the data is announced publicly. It is not exposed by internal, secure, unpublished checks; indeed, it can be argued that exposing the logs of who checked what is going to reveal the private data indirectly.
I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor.
This is relevant why? Those people never had access to IP data.
On 4/20/07, Andrew Gray shimgray@gmail.com wrote:
I ask as least *one* administrator is documented to have been active on Wikitruth, and at least one former admin (Everyking) is a Wikipedia Review editor.
This is relevant why? Those people never had access to IP data.
Checkusers, in fact, have to identify themselves to the Foundation and must agree to follow the Foundation's privacy policy. There's a good reason why standard adminship doesn't come with the Checkuser feature.
-Matt
On 4/20/07, Matthew Brown morven@gmail.com wrote:
On 4/20/07, Andrew Gray shimgray@gmail.com wrote:
I ask as least *one* administrator is documented to have been active
on
Wikitruth, and at least one former admin (Everyking) is a Wikipedia
Review
editor.
This is relevant why? Those people never had access to IP data.
Checkusers, in fact, have to identify themselves to the Foundation and must agree to follow the Foundation's privacy policy. There's a good reason why standard adminship doesn't come with the Checkuser feature.
-Matt
Yes and that's exactly why such things aren't published -- to protect your privacy.
Mgm
On 4/20/07, MacGyverMagic/Mgm macgyvermagic@gmail.com wrote:
Yes and that's exactly why such things aren't published -- to protect your privacy.
I am (obviously) all for privacy, but my concern is that at least once the Foundation has been deceived quite heavily about the identity of at least one Checkuser level person.
Also, publishing some form of released information would be of tremendous assurance. Perhaps it ought to be disclosed then, when a person uses Checkuser, if not who they ran it against? That would alleviate concerns about the privacy of editors, and add a layer of public scrutiny and accountability to the people with the ability to CU--if one person was (in theory) farming for information vs. users, the patterns would be visibly evident. "Why is such and such running so many CUs without documenting ANY findings publically?" could then be reviewed by community oversight.
I fail to comprehend why the usage of the tool in some fashion shouldn't be disclosed, if doing so does not put at risk any private editor data. The actions *with* the tool, of the CU users themselves, obviously should not be private any more than the standard Administrative logs are. If AdminX is running multiple CU lookups per day, people should be entitled to know this.
On 20/04/07, Info Control infodmz@gmail.com wrote:
I am (obviously) all for privacy, but my concern is that at least once the Foundation has been deceived quite heavily about the identity of at least one Checkuser level person.
If you mean Essjay, no, he identified himself to the foundation.
If you mean something else ... look, say who you're talking about when you talk about this stuff. Vagueness doesn't help this discussion.
Also, publishing some form of released information would be of tremendous assurance. Perhaps it ought to be disclosed then, when a person uses Checkuser, if not who they ran it against? That would alleviate concerns about the privacy of editors, and add a layer of public scrutiny and accountability to the people with the ability to CU--if one person was (in theory) farming for information vs. users, the patterns would be visibly evident. "Why is such and such running so many CUs without documenting ANY findings publically?" could then be reviewed by community oversight.
Because much of it doesn't require public documenting, or isn't appropriate.
Remember: WP:RFCU was invented to stop people bugging the checkers personally; it's in no way a mandatory part of the checking process. Quite the opposite.
I fail to comprehend why the usage of the tool in some fashion shouldn't be disclosed, if doing so does not put at risk any private editor data. The actions *with* the tool, of the CU users themselves, obviously should not be private any more than the standard Administrative logs are. If AdminX is running multiple CU lookups per day, people should be entitled to know this.
I typically run multiple CU lookups a day. And now you know as much as you did before.
- d.
* Info Control wrote:
Just for the ediifcation of those who do not know, why is it there is no public record of who ran what RFCU IP check? Shouldn't people be entitled to know if their privacy was for possible undocumented searches exposed?
I agree. The checkuser policy has always said that access will be removed "if checks are done routinely on editors without a serious motive to do so (links and proofs of bad behavior should be provided)"... yet given that people often don't know when they've been checked this seems meaningless. How would such a thing, which the foundation itself describes as abuse requiring removal of access, ever be uncovered? Is there someone going through the checkuser logs and reviewing each to verify that it was valid? I doubt it and would hope not as it would be a tremendous waste of time better spent elsewhere.
The USUAL way that we uncover problems is that someone says, 'hey, you should not have done that!'... and if a dozen other people say, 'hey yeah... he did the same thing to me' then we look into it.
We should not be espousing the high ideal that we will remove access from anyone who abuses it by running checks without "serious motive" requiring "links and proofs of bad behaviour"... while then making it impossible (for all practical purposes) to ever detect such abuse.
There has been at least one past kerfluffle about an unjustified check amongst the very small circle of users who DO have access to the checkuser logs. If everyone had access to see they they, and ONLY they, had been checkusered we'd obviously get alot more complaints... but what if some of them are valid?
IMO, if you set up a system with no oversight it WILL be abused. Every time. If you somehow limit the access only to saints who will never do the least thing wrong... the fact that no one can check that will still inevitably lead people to BELIEVE it is being abused. The only way to prevent abuse and the perception of abuse is to allow people to see what is being done. Since this is private information we'd obviously not release it publicly, but the only reason not to release it to the people actually checked is to avoid complaints. And that's never a good excuse.
On 21/04/07, Conrad Dunkerson conrad.dunkerson@att.net wrote:
I agree. The checkuser policy has always said that access will be removed "if checks are done routinely on editors without a serious motive to do so (links and proofs of bad behavior should be provided)"... yet given that people often don't know when they've been checked this seems meaningless. How would such a thing, which the foundation itself describes as abuse requiring removal of access, ever be uncovered? Is there someone going through the checkuser logs and reviewing each to verify that it was valid? I doubt it and would hope not as it would be a tremendous waste of time better spent elsewhere.
This appears to be putting the cart before the horse, i.e. making detection of violations easier at the expense of causing violations.
If it's no shame to show up in a CheckUser log, why are people shitting themselves at the idea?
There has been at least one past kerfluffle about an unjustified check amongst the very small circle of users who DO have access to the checkuser logs. If everyone had access to see they they, and ONLY they, had been checkusered we'd obviously get alot more complaints... but what if some of them are valid?
I'm unaware of the kerfuffle you're speaking of. Details?
- d.
* David Gerard wrote:
This appears to be putting the cart before the horse, i.e. making detection of violations easier at the expense of causing violations.
The only way that statement makes any kind of sense to me would be if you were assuming that checkuser logs would be made public. That's obviously a bad idea. However, there would obviously be no breach of privacy in allowing users to see checkuser requests run on THEMSELVES. That would make 'detection of violations easier' without 'causing violations'.
If it's no shame to show up in a CheckUser log, why are people shitting themselves at the idea?
Strawman. I know for certain that there have been checkuser requests run on my account and I'm not 'shitting myself' about it. I've been posting to online forums under my real name for decades and have a list of IP addresses I've used in the past right on my user page... so there aren't exactly alot of 'privacy' matters which anyone could 'reveal' about me which aren't publicly accessible in the first place.
However, as a matter of general principle - humans are both fallible and suspicious. Any power which is entrusted to humans is guaranteed to be abused from time to time... and any power which is wielded in secret is guaranteed to arose suspicion. IMO those are immutable facts of human nature. So why have a system which serves to perpetuate both?
I'm unaware of the kerfuffle you're speaking of. Details?
Best not to drag old conflicts back out into the present. I'll send you the details privately.
On 21/04/07, Conrad Dunkerson conrad.dunkerson@att.net wrote:
- David Gerard wrote:
This appears to be putting the cart before the horse, i.e. making detection of violations easier at the expense of causing violations.
The only way that statement makes any kind of sense to me would be if you were assuming that checkuser logs would be made public. That's obviously a bad idea. However, there would obviously be no breach of privacy in allowing users to see checkuser requests run on THEMSELVES. That would make 'detection of violations easier' without 'causing violations'.
Hmm, possibly. I'm trying to work out a way of doing this that wouldn't involve "and after you run the check, edit these five pages." It's got to be automatic in the tool.
However, as a matter of general principle - humans are both fallible and suspicious. Any power which is entrusted to humans is guaranteed to be abused from time to time... and any power which is wielded in secret is guaranteed to arose suspicion. IMO those are immutable facts of human nature. So why have a system which serves to perpetuate both?
Yes, I do see your point ... I'm wondering what the actual current need is. Checkusers do look at each other's logs and there's the ombudsmans, who can look at the logs as they wish.
I'm unaware of the kerfuffle you're speaking of. Details?
Best not to drag old conflicts back out into the present. I'll send you the details privately.
(looking at private mail) I vaguely recall that one, OK.
- d.
On 21/04/07, David Gerard dgerard@gmail.com wrote:
Hmm, possibly. I'm trying to work out a way of doing this that wouldn't involve "and after you run the check, edit these five pages." It's got to be automatic in the tool.
Email notification? If the user-who-is-checked is has an email, they get an email generated to their address saying so and with a handy explanation.
On 22/04/07, Andrew Gray shimgray@gmail.com wrote:
On 21/04/07, David Gerard dgerard@gmail.com wrote:
Hmm, possibly. I'm trying to work out a way of doing this that wouldn't involve "and after you run the check, edit these five pages." It's got to be automatic in the tool.
Email notification? If the user-who-is-checked is has an email, they get an email generated to their address saying so and with a handy explanation.
This should lead to wild fun.
"Why did you check me?!" "Can't tell you, sorry." "This is a privacy violation!" "Not when I didn't tell anyone." "YUO ARE A ROUGE CHECKUSeR!!" "Um, no I'm not. But you can ask these guys to go over it if you're sure I am." [ wait a month due to huge ombudsman queue ] "No really, he's not."
So far this is all striking me as "we must do something, this is something, therefore we must do this" rather than anything that will actually be productive.
It's not clear what can be done with the function existing at all that will meaningfully deal with the apparent fears and problems. Someone is going to be able to look. It's not just the few devs with database access because they don't scale.
- d.