To be honest the biggest problem is that releasing this information can hurt quite a lot. It can give away the techniques the checkuser (or checkusers, more then one working together is very common to make sure they're right) used to draw the connections. This is especially true for technical information where it can easily give away 'tell-tale' signs used as part of the determination.
Almost every time I've ever seen the information demanded it was quite clear (usually even with out any type of technical information) that the user was guilty as charged and now they just wanted one of those two things: A target (the CU) or the information (to find out where they went wrong).
Yes, if a horrible checkuser was checking you you wouldn't know instantly but that's why we have so many checks and balances. Giving all of this information to everyone, especially automatically, would make it almost infinitely harder for checkusers to do their job.
James
On Wed, Jun 13, 2012 at 6:30 PM, John phoenixoverride@gmail.com wrote:
Risker comment was basically "lets not set a global accountability and ability to get CU related logs of our self on a global level, instead take it to each project and fight it out there" to me that reeks of obfuscation. Realistically this should be a global policy, just like our privacy policy is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation < pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in
that
mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs
with
a fine toothed comb. They are NOT all previous checkusers, to avoid the sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the
Board.
Those people take their role very seriously. And last, anyone with
genuine
privacy concerns can contact the WMF: me, Maggie, anyone in the legal or community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we
will
continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much they err on the side of protection of privacy. I have a window into their
world,
and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions and ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers
may
be done, provided that they are within the limits of the privacy
policy.
These standards vary widely. So, the correct place to discuss this is
on
each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com wrote:
Why shouldn't spambots and vandals be notified? Just have the
software
automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is
being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a
user
has
been checkusered they should at least be notified of who
preformed
it
and
why it was preformed. I know this is not viable for every single
CU
action
as many are for anons. But for those users who have been around
for a
period, (say autoconfirmed) they should be notified when they are
CU'ed
and
any user should be able to request the CU logs pertaining to
themselves
(who CU'ed them, when, and why) at will. I have seen CU's refuse
to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
where
the CU'ed user was requesting information and the CU claimed it
would
be
a
violation of the privacy policy to release the
time/reason/performer
of
the
checkuser.
This screams of obfuscation and the hiding of information. I know
the
ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed.
Ergo
Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
our
privacy policy we are supposed to purge our information regularly
(on
wiki
CU logs exist for 90 days) however who oversees the regular
removal
of
private information on the wiki?
My proposal would be for all users who are at least auto
confirmed
to
be
notified and be able to request all CU logs regarding themselves
at
any
point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the
checkuser
wiki, helped to set up the Audit Subcommittee on the English
Wikipedia
(which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries
mailing
list
because you are a former arbitrator, a checkuser and an oversighter
on
enwp. (so have access there to express your concerns or suggest
changes
in
standards), It seems you are complaining about a specific case,
and
instead of talking things out about this specific case, you've
decided
to
propose an entirely different checkusering standard. I'll point
out
in
passing that half of the spambots blocked in recent weeks by
checkusers
were autoconfirmed on one or more projects, and even obvious
vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a
member
of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l