I am not asking for checkuser results, rather the basic logs about when/why/who may have checkusered the account. I am not asking CUs to release IP/user-agent/other info, but to let users know that they are being CUed, by whom and why. and to be able to request that historical information from the CU logs
On Wed, Jun 13, 2012 at 9:54 PM, James Alexander jamesofur@gmail.comwrote:
To be honest the biggest problem is that releasing this information can hurt quite a lot. It can give away the techniques the checkuser (or checkusers, more then one working together is very common to make sure they're right) used to draw the connections. This is especially true for technical information where it can easily give away 'tell-tale' signs used as part of the determination.
Almost every time I've ever seen the information demanded it was quite clear (usually even with out any type of technical information) that the user was guilty as charged and now they just wanted one of those two things: A target (the CU) or the information (to find out where they went wrong).
Yes, if a horrible checkuser was checking you you wouldn't know instantly but that's why we have so many checks and balances. Giving all of this information to everyone, especially automatically, would make it almost infinitely harder for checkusers to do their job.
James
On Wed, Jun 13, 2012 at 6:30 PM, John phoenixoverride@gmail.com wrote:
Risker comment was basically "lets not set a global accountability and ability to get CU related logs of our self on a global level, instead
take
it to each project and fight it out there" to me that reeks of
obfuscation.
Realistically this should be a global policy, just like our privacy
policy
is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia
Foundation <
pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in
that
mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs
with
a fine toothed comb. They are NOT all previous checkusers, to avoid
the
sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the
Board.
Those people take their role very seriously. And last, anyone with
genuine
privacy concerns can contact the WMF: me, Maggie, anyone in the legal
or
community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we
will
continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much
they
err on the side of protection of privacy. I have a window into their
world,
and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions
and
ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers
may
be done, provided that they are within the limits of the privacy
policy.
These standards vary widely. So, the correct place to discuss this
is
on
each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com
wrote:
Why shouldn't spambots and vandals be notified? Just have the
software
automatically email anyone that is CUed. Then the threshold is
simply
whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is
being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
> This is something that has been bugging me for a while. When a
user
has
> been checkusered they should at least be notified of who
preformed
it
and
> why it was preformed. I know this is not viable for every
single
CU
action > as many are for anons. But for those users who have been around
for a
> period, (say autoconfirmed) they should be notified when they
are
CU'ed
and > any user should be able to request the CU logs pertaining to
themselves
> (who CU'ed them, when, and why) at will. I have seen CU's
refuse
to
provide > information to the accused. > > See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
where > the CU'ed user was requesting information and the CU claimed it
would
be
a > violation of the privacy policy to release the
time/reason/performer
of
the > checkuser. > > This screams of obfuscation and the hiding of information. I
know
the
> ombudsman committee exists as a check and balance, however
before
something > can be passed to them evidence of inappropriate action is
needed.
Ergo
> Catch-22 > > I know checkusers keep a private wiki > https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
our > privacy policy we are supposed to purge our information
regularly
(on
wiki > CU logs exist for 90 days) however who oversees the regular
removal
of
> private information on the wiki? > > My proposal would be for all users who are at least auto
confirmed
to
be
> notified and be able to request all CU logs regarding
themselves
at
any
> point, and any mentions of themselves on the CU wiki should be retrievable. > > > Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the
checkuser
wiki, helped to set up the Audit Subcommittee on the English
Wikipedia
(which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries
mailing
list
because you are a former arbitrator, a checkuser and an
oversighter
on
enwp. (so have access there to express your concerns or suggest
changes
in
standards), It seems you are complaining about a specific case,
and
instead of talking things out about this specific case, you've
decided
to
propose an entirely different checkusering standard. I'll point
out
in
passing that half of the spambots blocked in recent weeks by
checkusers
were autoconfirmed on one or more projects, and even obvious
vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a
member
of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
-- James Alexander jamesofur@gmail.com _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l