Daniel Arnold wrote:
Am Mittwoch, 21. Juni 2006 16:07 schrieb Robert Scott Horning:
I've heard a lot of fear mongering and what I percieve to be unwarrented fears about abuses to checkuser actions. Can you give some clear examples of what have been percieved as abuses of those with checkuser privileges, at least types of problems that have happened as a matter or practice?
I did never take the time investigating the background of any checkuser of others. I just noticed some statistics:
en.wikipedia (and some other smaller projects as well) have overproportional heavy use of CheckUser. de.wikipedia (the second largest one, which has like en.wikipedia many trolls but probably has different approaches keeping them down, which naturally also have their specific positive and negative side effects) has no checkuser trace in the logfiles (a developer can make a Checkuser directly at the servers without Checkuser logfile traces but nonetheless it were only a few in case of de.wikipedia).
The point I was trying to make here is that there have been enough checkuser scans and enough people with checkuser privileges that there must be, just through statistical analysis, some abuse that has taken place, or at least something that should have been investigated to see if a person with checkuser privileges has gone too far. Or if that has not happened that perhaps the whole worry is way overrated. Take for example somebody with sysop privileges and having deleted about 1000 pages from a given project. Don't tell me that 100% of those deletions are going to occur without *somebody* complaining that the admin went too far, even for the very best admin that is completely on top of policies and one of the most trusted Wikimedians. I was trying to ask if there are some specific examples here for checkuser abuse rather than some vague "it will happen in the future". Even investigations that later were proven to be legitimate uses of checkuser scans.
I know I am speaking from an apparent minority opinion on this mailing list, but I fail to see what real damage is happening from simply looking up the IP address of a user.
My concerns are as follows: A Checkuser of an IP from let us say China or Saudi Arabia can have *serious* impact if these informations come into the wrong hands although the probability of a worst case scenario is quite low.
Who is this information going to be protected from? The governments of those countries, aka Chinese and Saudi governments? According to Wikimedia Foundation policy, this information can be, indeed must be, turned over to authorized government officials of any government that makes an official request for this information. The check user policy is not going to be any kind of protection in this situation. In addition, as I've pointed out earlier, both of these governments are more than capable technologically to be able to obtain the IP addresses of Wikimedia users without even having to ask for it from the Foundation. The Chinese have an entire battalion of their army that does nothing but electronic surveilance and warfare. This is a trivial task for people with that kind of training. They don't call it the Great Firewall of China for a trivial reason, as all IP traffic into and out of China is monitored.
As for the Saudis, I was offered a job with a Saudi company for $150,000/year (turned it down BTW). They certainly have the financial means to get whatever technological talent they need, especially if it is perceived as a threat to the royal family in any form, or even religious zealots within their government. If I were a Saudi citizen, I would not count on the Wikimedia checkuser policy as offering even a shred of protection. At best a speed bump to slow down the government by a few days. And a nightmare of negative publicity for the WMF if board members tried to drag their heels intentionally with an overtly political act to stop any government from obtaining this information.
So if en.wp makes heavy regular use of checkuser why shouldn't zh.wp and ar.wp do the same as well (and logfile data of a palestinian on he.wp is also a potentially serious matter for example)? It is a question of caution and role model function of en.wp.
So I don't suggest to en.wp stop checkuser but use it more seriously. Just block an IP or recently created vandal account unilaterally if you think it's a sock puppet without investigating deeper (hey you're admin you have to *be bold* sometimes) and only perform a checkuser afterwards in case there was a real demand from several third persons.
That way you also avoid creating a large bueraucracy on blocking of small fishes like IPs and short lived accounts and have more time for far more important matters.
Checkuser should mainly be a weapon against sock puppets of people that are involved deeper in the project (let's say several accounts of a single person that abuses them for quite some time in a sophisticated way with a mixture out of valid and POV edits).
Just my 2 cents...
Arnomane
I agree that sockpuppets and persistant vandals (a variation of sock puppet abuse) would be the main reasons for even using checkuser scans. While I can dream up some scenerios of abuse, what I'm asking is what actual abuse has happened based on experience. Apparently there is none at all.
It is too bad that non-Wikipedia projects can't use checkuser scans, however. That is another fight for another thread.