On 31/03/07, Florence Devouard <Anthere9(a)yahoo.com> wrote: And reveal there identity publicly. -- schiste

rofl. On 30/03/07, Pedro Sanchez <pdsanchez(a)gmail.com> wrote: -- Refije dirije lanmè yo paske nou posede pwòp bato.

On 3/30/07, christophe.henner(a)wikimedia.fr <christophe.henner(a)gmail.com> wrote: I don't know that publicly is important. I think that revealing it to the foundation is very important. I think that being over 18 is also important. -Greg (Checkuser, over 18, and identity known by the public)

On 3/31/07, Mohamed Magdy <mohamed.m.k(a)gmail.com> wrote: Because people who have checkuser are trusted with information that could mean they end up in court one day, whether to testify for or defend the Foundation. As such, they should have the capacity to act without the consent of their parents. I believe 18 is a(n almost?) world-wide age at which people attain majority, and are considered able to act responsibly before the law. Delphine -- ~notafish NB. This address is used for mailing lists. Personal emails sent to this address will probably get lost.

On 3/31/07, Aphaia <aphaia(a)gmail.com> wrote: Agreed. Delphine -- ~notafish NB. This address is used for mailing lists. Personal emails sent to this address will probably get lost.

Not only, the role is very important and critical. Who has knowledge of network and Internet can easily avoid the tools which are used by CU. In Italian Wikipedia I have said that I could connect to Wikipedia using two different IP and two different users in the same time on the same PC avoiding any control. It's very simple. IMHO the CU should have a strong knowledge of network. It's not a barnstar. Please... more quality. Ilario Florence Devouard wrote:

On 3/31/07, Mohamed Magdy <mohamed.m.k(a)gmail.com> wrote: I'll revise my position based on Aphaia's comment below: "I think that being at least the age of majority in their country of residence is important". Checkusers are in a somewhat unique position to cause irreversible harm and cause legal problems for themselves and the foundation. As such they should be old enough to assume legal responsibility for their actions. Just be glad that I'm not also suggesting that checkusers be insured. ;)

On Sat, 31 Mar 2007, Sebastian Moleski wrote: Weak agreement on this invocation of the Fear Of Law. Strong agreement that this discussion should be on a wiki page; see http://meta.wikimedia.org/wiki/Talk:CheckUser_policy I am generally loathe to use age as a barrier for anything; we should be clear about where this line is being drawn, and for what reasons. "This is a very important role" is not a reason to discriminate based on age. "This is a role that requires being responsible" is likewise not appropriate. "This is a role that requires being legally accountable for one's actions" is... SJ

On 3/31/07, Robert Brockway <rbrockway(a)opentrend.net> wrote: Including the US...

On 3/31/07, Pedro Sanchez <pdsanchez(a)gmail.com> wrote: Um. No, this should be a matter of foundation policy. Never did we give any arbcom the authority to meddle with our privacy policy.

On Sat, 31 Mar 2007, Gregory Maxwell wrote: +1

Gregory Maxwell wrote: I disagree that the damage that somebody using checkuser privileges is necessarily irreversible and necessarily causes too many legal problems "for themselves and the foundation." There is obviously an extreme case or two where this may be the case, but on the whole I can't really seen where revealing the IP address of a user is necessarily going to be a major problem. At best, the worst damage that can happen is to document what computer an edit actually took place on. Only with 3rd party records would it even be remotely possible to tie this with a specific individual. In addition, any user, including anonymous users, can trace the IP addresses of many of the contributors to Wikimedia projects.... that is the default log-in type. And accidental disclosure of IP addresses are almost inevitable for most users, especially if you accidentally make an anonymous IP edit because the cookie in your browser has expired (it has for me on a couple of occasions). For example (and I mention this because he also did one of these accidental disclosures and later noted this IP address explicitly) Richard Stallman of the Free Software Foundation fame is also [[w:User:Rmstallman]], and by only accessing Wikipedia by anonymous status (I wasn't even logged into my Wikipedia account), I can find out that at least one of the IP addresess he has used to edit Wikipedia was with 128.30.16.48 See http://en.wikipedia.org/w/index.php?title=Richard_Stallman&offset=20060… Mr. Stallman in this case claims these IP edits as his own in a public manner, so in this case I don't think this is improper disclosure. But it is ilustrative of how people without checkuser privileges could still obtain this information. I know that similar kinds of revelations of IP address can also be done with my own account. Or at least make a very strong circumstantial case where all you would have to ask the WMF or a "check user" would be something like "Could you confirm that address 10.44.44.22 is being used by User:Jimbo Wales?" Even if the WMF doesn't disclose this information, an investigator familiar with Wikimedia projects is very likely to be able to get this kind of information of a sufficient quantity that all of the protections of the check user privileges is essentially moot for users who have made a huge number of entries into Wikimedia projects. I would further note that the discussions of trying to protect an anonymous user in China wrting something critical of the Chinese government are also moot, as that government can make a formal request to have that information revealed, and WMF policy is explicit to grant that kind of request. I should note here that I'm not asking for checkuser privileges to be made available to all unregistered users, but I believe that the paranoia over how dangerous an individual could be even if they made a deliberate and conscious effort to disclose IP addresses for many users is way overstated. By giving this user scan ability to people who are otherwise considered trusted users on Wikimedia projects, for example admins and bureaucrats (I've long challenged that all bureaucrats should have this as a default ability), I fail to see what real damage is going to happen. If a 10-year-old has been given bureaucrat privileges on a Wikimedia project, I would be very surprised. It may also present some interesting legal problems for the WMF in terms of liability for that user's actions, but I also believe that any such user who has achieved that level of trust in a particular project is going to have a level of maturity to keep from abusing the checkuser tool as well. -- Robert Horning

On Sat, 31 Mar 2007, Sebastian Moleski wrote: With respect: ANYTHING AT ALL can subject a project or person to a lawsuit. Every editor of the site can do something that would subject someone to a related lawsuit -- the someone could be an individual editor who the suer tracks down, the foundation, or anyone else in the world. Many such suits would be woefully misguided, but they could be brought all the same. Please describe actual risk of exposure if you are proposing policy changed founded in legal FUD. FUD is not always 'wrong' -- there are cases in which there really is justifiable uncertainty and doubt, and in which it is proper to be fearful as a result. But please do not spread this sense without attention to detail, or without addressing the question of how likely a particular disaster scenario is. Then we can consider why such scenarios have not yet happened, and what the tradeoffs are to being paranoid about security [at what point do we shut down the site to all edits, remove all biographies, and only modify it further in response to takedown requests?]. SJ [I said earlier that I agree weakly with the statement that IF we have explicit legal concerns, it makes sense to describe the necessary response in terms of age of majority in the local jurisdiction... I am not at all convinced that these concerns merit the policy changes being discussed.]

On 31/03/07, Sean Whitton (Xyrael) <sean(a)silentflame.com> wrote: Sam Korn was on the en:wp arbcom at age 16, though he quit so as not to interfere with his A-levels. - d.

Sebastian Moleski wrote: I would like to point out that if you connect to the internet from any connection, you are "broadcasting" who you are and where you are at. I know this is something that some individuals look at differently, but trying to maintain anonymity on the internet is a complex task at the best and futile at its worst. I know some of this has to do with what a server operator claims to do with their usage logs, but you really shouldn't expect to have your privacy maintained, so far as the address to the computer is concerned, if you are using any internet connection. I have seen some server operators actually publish all access logs to their website in a very public manner. An IP address is not a personally identifying piece of information by itself, as compared to a nationally issued ID number or your full legal name. As I mentioned here above, you must used additional information such as signed logs or billing records of the ISP in order to tie a particular IP address to a specific individual. That is a major accomplishment, and congratulations to that individual. And to get there, they must have demonstrated a huge degree of maturity as well. This is also something self-correcting as this particular bureaucrat will be 18 in three years, making any argument about this particular individual moot in time. I've heard a whole bunch of bluster here about how this abuse "may be subject to a lawsuit". Is there any clear legal examples of this happening with other ISPs in situations similar to a disclosure by a volunteer operator/moderator of an IP address? How is this different from admins who have to delete (or undelete) copyrighted material, or set themselves up for potential liability issues and other legal matters by performing user blocks? Or even ordinary users setting themselves up with libel issues based on what they write on Wikimedia projects? I believe that the hyperparanoia over the permission of check user access is actually a short coming to improving Wikimedia projects, and removing a very valuable tool to help fight vandalism and other mischief. Particularly for smaller Wikimedia projects the current rules place huge obstacles to being able to help fight those who mean harm. These discussions to even further limit the scope of those eligible (even if mainly symbolic) smacks of the elitism that I perceived even when the check user policy was issued in the first place. Certainly in the case of somebody trying to demonstrate eligibility for becoming a member of the board of trustees, an age requirement is absolutely necessary. What is missing here in these discussions is what the actual legal requirements would be according to the laws of a specific country for some volunteer coordinator who has access to information tied between a user name and an IP address, and what both the liability to the foundation would be if they accidentally or intentionally disclosed this information. Furthermore, if the person who did this disclosure was a minor, would that substantially increase the liability of the WMF? Sure anything can trigger a lawsuit, but has any similar lawsuit been filed in this kind of situation, ever? And been successful and not thrown out as laughable by the judge? -- Robert Horning

On 3/31/07, Samuel Klein <meta.sj(a)gmail.com> wrote: Agreed. The age barrier in this case seems sensible, though we should resist the urge to consider it sacrosanct -- there may be ways to find exceptions even to this rule. Certainly something for a future Legal Coordinator to look into. -- Peace & Love, Erik DISCLAIMER: This message does not represent an official position of the Wikimedia Foundation or its Board of Trustees. "An old, rigid civilization is reluctantly dying. Something new, open, free and exciting is waking up." -- Ming the Mechanic

christophe.henner(a)wikimedia.fr wrote: Not necessarily, as long as it's known to key people. Ec