This is something that has been bugging me for a while. When a user has been checkusered they should at least be notified of who preformed it and why it was preformed. I know this is not viable for every single CU action as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are CU'ed and any user should be able to request the CU logs pertaining to themselves (who CU'ed them, when, and why) at will. I have seen CU's refuse to provide information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing, where the CU'ed user was requesting information and the CU claimed it would be a violation of the privacy policy to release the time/reason/performer of the checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before something can be passed to them evidence of inappropriate action is needed. Ergo Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according to our privacy policy we are supposed to purge our information regularly (on wiki CU logs exist for 90 days) however who oversees the regular removal of private information on the wiki?
My proposal would be for all users who are at least auto confirmed to be notified and be able to request all CU logs regarding themselves at any point, and any mentions of themselves on the CU wiki should be retrievable.
John
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user has been checkusered they should at least be notified of who preformed it and why it was preformed. I know this is not viable for every single CU action as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are CU'ed and any user should be able to request the CU logs pertaining to themselves (who CU'ed them, when, and why) at will. I have seen CU's refuse to provide information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing, where the CU'ed user was requesting information and the CU claimed it would be a violation of the privacy policy to release the time/reason/performer of the checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before something can be passed to them evidence of inappropriate action is needed. Ergo Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according to our privacy policy we are supposed to purge our information regularly (on wiki CU logs exist for 90 days) however who oversees the regular removal of private information on the wiki?
My proposal would be for all users who are at least auto confirmed to be notified and be able to request all CU logs regarding themselves at any point, and any mentions of themselves on the CU wiki should be retrievable.
Perhaps some full disclosure should be made here John. You are a checkuser yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on request); you are also a member of the English Wikipedia functionaries mailing list because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes in standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided to propose an entirely different checkusering standard. I'll point out in passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals can hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of the Arbitration Committee.
Risker
I am not a checkuser, I do not have access to checkuser-l, the CU wiki, or any other private information. This goes far beyond the one case, I was just using it as a recent example
On Wed, Jun 13, 2012 at 7:34 PM, Risker risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user has been checkusered they should at least be notified of who preformed it and why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are CU'ed
and
any user should be able to request the CU logs pertaining to themselves (who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
where
the CU'ed user was requesting information and the CU claimed it would be
a
violation of the privacy policy to release the time/reason/performer of
the
checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed. Ergo Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
our
privacy policy we are supposed to purge our information regularly (on
wiki
CU logs exist for 90 days) however who oversees the regular removal of private information on the wiki?
My proposal would be for all users who are at least auto confirmed to be notified and be able to request all CU logs regarding themselves at any point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a checkuser yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on request); you are also a member of the English Wikipedia functionaries mailing list because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes in standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided to propose an entirely different checkusering standard. I'll point out in passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals can hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of the Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
My apologies to you John - and also to John Vandenberg, whose name popped up when I cursored over this.
Please do consider expressing a concern to the Audit Subcommittee with respect to this case, or alternately to the Ombudsman.
Risker
On 13 June 2012 19:37, John phoenixoverride@gmail.com wrote:
I am not a checkuser, I do not have access to checkuser-l, the CU wiki, or any other private information. This goes far beyond the one case, I was just using it as a recent example
On Wed, Jun 13, 2012 at 7:34 PM, Risker risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user has been checkusered they should at least be notified of who preformed it
and
why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are CU'ed
and
any user should be able to request the CU logs pertaining to themselves (who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
where
the CU'ed user was requesting information and the CU claimed it would
be
a
violation of the privacy policy to release the time/reason/performer of
the
checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed. Ergo Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
our
privacy policy we are supposed to purge our information regularly (on
wiki
CU logs exist for 90 days) however who oversees the regular removal of private information on the wiki?
My proposal would be for all users who are at least auto confirmed to
be
notified and be able to request all CU logs regarding themselves at any point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on request); you are also a member of the English Wikipedia functionaries mailing list because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes
in
standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided to propose an entirely different checkusering standard. I'll point out in passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals can hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
PS I am not a former arb, do not have access to functionaries mailing list, I do not have access nor have ever had access to any of the above including Oversight. I was just throwing out autoconfirmed as a line in the sand, we can adjust the line so that normal users can be notified while excluding spambots. One point could be say 50 edits and at least a month old account? The nature and required secrecy for such a open project is scary in this regards.
John
On Wed, Jun 13, 2012 at 7:37 PM, John phoenixoverride@gmail.com wrote:
I am not a checkuser, I do not have access to checkuser-l, the CU wiki, or any other private information. This goes far beyond the one case, I was just using it as a recent example
On Wed, Jun 13, 2012 at 7:34 PM, Risker risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user has been checkusered they should at least be notified of who preformed it
and
why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are CU'ed
and
any user should be able to request the CU logs pertaining to themselves (who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
where
the CU'ed user was requesting information and the CU claimed it would
be a
violation of the privacy policy to release the time/reason/performer of
the
checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed. Ergo Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
our
privacy policy we are supposed to purge our information regularly (on
wiki
CU logs exist for 90 days) however who oversees the regular removal of private information on the wiki?
My proposal would be for all users who are at least auto confirmed to be notified and be able to request all CU logs regarding themselves at any point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a checkuser yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on request); you are also a member of the English Wikipedia functionaries mailing list because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes in standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided to propose an entirely different checkusering standard. I'll point out in passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals can hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of the Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
On Wed, Jun 13, 2012 at 7:42 PM, John phoenixoverride@gmail.com wrote:
PS I am not a former arb, do not have access to functionaries mailing list, I do not have access nor have ever had access to any of the above including Oversight. I was just throwing out autoconfirmed as a line in the sand, we can adjust the line so that normal users can be notified while excluding spambots. One point could be say 50 edits and at least a month old account?
Using a similarly arbitrary high threshhold: how often are checks - order of magnitude - made on users who are eligible to vote in arbcom elections?
SJ
On Wed, Jun 13, 2012 at 8:34 PM, Samuel Klein meta.sj@gmail.com wrote:
On Wed, Jun 13, 2012 at 7:42 PM, John phoenixoverride@gmail.com wrote:
PS I am not a former arb, do not have access to functionaries mailing
list,
I do not have access nor have ever had access to any of the above
including
Oversight. I was just throwing out autoconfirmed as a line in the sand,
we
can adjust the line so that normal users can be notified while excluding spambots. One point could be say 50 edits and at least a month old
account?
Using a similarly arbitrary high threshhold: how often are checks - order of magnitude - made on users who are eligible to vote in arbcom elections?
SJ
At least every day, there are 5 or 6 who qualify by edit count waiting for CU on SPI right now.
~Nathan
Why shouldn't spambots and vandals be notified? Just have the software automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is being done with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user has been checkusered they should at least be notified of who preformed it and why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are CU'ed
and
any user should be able to request the CU logs pertaining to themselves (who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
where
the CU'ed user was requesting information and the CU claimed it would be
a
violation of the privacy policy to release the time/reason/performer of
the
checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed. Ergo Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
our
privacy policy we are supposed to purge our information regularly (on
wiki
CU logs exist for 90 days) however who oversees the regular removal of private information on the wiki?
My proposal would be for all users who are at least auto confirmed to be notified and be able to request all CU logs regarding themselves at any point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a checkuser yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on request); you are also a member of the English Wikipedia functionaries mailing list because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes in standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided to propose an entirely different checkusering standard. I'll point out in passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals can hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of the Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Each project has its own standards and thresholds for when checkusers may be done, provided that they are within the limits of the privacy policy. These standards vary widely. So, the correct place to discuss this is on each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com wrote:
Why shouldn't spambots and vandals be notified? Just have the software automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is being done with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user has been checkusered they should at least be notified of who preformed it
and
why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are CU'ed
and
any user should be able to request the CU logs pertaining to themselves (who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
where
the CU'ed user was requesting information and the CU claimed it would
be
a
violation of the privacy policy to release the time/reason/performer of
the
checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed. Ergo Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according to
our
privacy policy we are supposed to purge our information regularly (on
wiki
CU logs exist for 90 days) however who oversees the regular removal of private information on the wiki?
My proposal would be for all users who are at least auto confirmed to
be
notified and be able to request all CU logs regarding themselves at any point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on request); you are also a member of the English Wikipedia functionaries mailing list because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes
in
standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided to propose an entirely different checkusering standard. I'll point out in passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals can hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Yet another attempt from a checkuser to make monitoring their actions and ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers may be done, provided that they are within the limits of the privacy policy. These standards vary widely. So, the correct place to discuss this is on each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com wrote:
Why shouldn't spambots and vandals be notified? Just have the software automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user
has
been checkusered they should at least be notified of who preformed it
and
why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are
CU'ed
and
any user should be able to request the CU logs pertaining to
themselves
(who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
where
the CU'ed user was requesting information and the CU claimed it would
be
a
violation of the privacy policy to release the time/reason/performer
of
the
checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed.
Ergo
Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according
to
our
privacy policy we are supposed to purge our information regularly (on
wiki
CU logs exist for 90 days) however who oversees the regular removal
of
private information on the wiki?
My proposal would be for all users who are at least auto confirmed to
be
notified and be able to request all CU logs regarding themselves at
any
point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries mailing
list
because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes
in
standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided
to
propose an entirely different checkusering standard. I'll point out
in
passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
I dunno, John, you almost had me convinced until that email. I saw in that mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs with a fine toothed comb. They are NOT all previous checkusers, to avoid the sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the Board. Those people take their role very seriously. And last, anyone with genuine privacy concerns can contact the WMF: me, Maggie, anyone in the legal or community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we will continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much they err on the side of protection of privacy. I have a window into their world, and they have my respect.
Best, PB ----------------------- Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions and ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers may be done, provided that they are within the limits of the privacy policy. These standards vary widely. So, the correct place to discuss this is on each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com wrote:
Why shouldn't spambots and vandals be notified? Just have the software automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user
has
been checkusered they should at least be notified of who preformed it
and
why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around for a period, (say autoconfirmed) they should be notified when they are
CU'ed
and
any user should be able to request the CU logs pertaining to
themselves
(who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious fishing,
where
the CU'ed user was requesting information and the CU claimed it would
be
a
violation of the privacy policy to release the time/reason/performer
of
the
checkuser.
This screams of obfuscation and the hiding of information. I know the ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed.
Ergo
Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know according
to
our
privacy policy we are supposed to purge our information regularly (on
wiki
CU logs exist for 90 days) however who oversees the regular removal
of
private information on the wiki?
My proposal would be for all users who are at least auto confirmed to
be
notified and be able to request all CU logs regarding themselves at
any
point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the checkuser wiki, helped to set up the Audit Subcommittee on the English Wikipedia (which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries mailing
list
because you are a former arbitrator, a checkuser and an oversighter on enwp. (so have access there to express your concerns or suggest changes
in
standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've decided
to
propose an entirely different checkusering standard. I'll point out
in
passing that half of the spambots blocked in recent weeks by checkusers were autoconfirmed on one or more projects, and even obvious vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
_______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Risker comment was basically "lets not set a global accountability and ability to get CU related logs of our self on a global level, instead take it to each project and fight it out there" to me that reeks of obfuscation. Realistically this should be a global policy, just like our privacy policy is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation < pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in that mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs with a fine toothed comb. They are NOT all previous checkusers, to avoid the sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the Board. Those people take their role very seriously. And last, anyone with genuine privacy concerns can contact the WMF: me, Maggie, anyone in the legal or community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we will continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much they err on the side of protection of privacy. I have a window into their world, and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions and ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers may be done, provided that they are within the limits of the privacy policy. These standards vary widely. So, the correct place to discuss this is on each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com wrote:
Why shouldn't spambots and vandals be notified? Just have the software automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user
has
been checkusered they should at least be notified of who preformed
it
and
why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around
for a
period, (say autoconfirmed) they should be notified when they are
CU'ed
and
any user should be able to request the CU logs pertaining to
themselves
(who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
where
the CU'ed user was requesting information and the CU claimed it
would
be
a
violation of the privacy policy to release the
time/reason/performer
of
the
checkuser.
This screams of obfuscation and the hiding of information. I know
the
ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed.
Ergo
Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
our
privacy policy we are supposed to purge our information regularly
(on
wiki
CU logs exist for 90 days) however who oversees the regular removal
of
private information on the wiki?
My proposal would be for all users who are at least auto confirmed
to
be
notified and be able to request all CU logs regarding themselves at
any
point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the
checkuser
wiki, helped to set up the Audit Subcommittee on the English
Wikipedia
(which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries mailing
list
because you are a former arbitrator, a checkuser and an oversighter
on
enwp. (so have access there to express your concerns or suggest
changes
in
standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've
decided
to
propose an entirely different checkusering standard. I'll point out
in
passing that half of the spambots blocked in recent weeks by
checkusers
were autoconfirmed on one or more projects, and even obvious vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member
of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
To be honest the biggest problem is that releasing this information can hurt quite a lot. It can give away the techniques the checkuser (or checkusers, more then one working together is very common to make sure they're right) used to draw the connections. This is especially true for technical information where it can easily give away 'tell-tale' signs used as part of the determination.
Almost every time I've ever seen the information demanded it was quite clear (usually even with out any type of technical information) that the user was guilty as charged and now they just wanted one of those two things: A target (the CU) or the information (to find out where they went wrong).
Yes, if a horrible checkuser was checking you you wouldn't know instantly but that's why we have so many checks and balances. Giving all of this information to everyone, especially automatically, would make it almost infinitely harder for checkusers to do their job.
James
On Wed, Jun 13, 2012 at 6:30 PM, John phoenixoverride@gmail.com wrote:
Risker comment was basically "lets not set a global accountability and ability to get CU related logs of our self on a global level, instead take it to each project and fight it out there" to me that reeks of obfuscation. Realistically this should be a global policy, just like our privacy policy is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation < pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in
that
mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs
with
a fine toothed comb. They are NOT all previous checkusers, to avoid the sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the
Board.
Those people take their role very seriously. And last, anyone with
genuine
privacy concerns can contact the WMF: me, Maggie, anyone in the legal or community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we
will
continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much they err on the side of protection of privacy. I have a window into their
world,
and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions and ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers
may
be done, provided that they are within the limits of the privacy
policy.
These standards vary widely. So, the correct place to discuss this is
on
each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com wrote:
Why shouldn't spambots and vandals be notified? Just have the
software
automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is
being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a
user
has
been checkusered they should at least be notified of who
preformed
it
and
why it was preformed. I know this is not viable for every single
CU
action
as many are for anons. But for those users who have been around
for a
period, (say autoconfirmed) they should be notified when they are
CU'ed
and
any user should be able to request the CU logs pertaining to
themselves
(who CU'ed them, when, and why) at will. I have seen CU's refuse
to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
where
the CU'ed user was requesting information and the CU claimed it
would
be
a
violation of the privacy policy to release the
time/reason/performer
of
the
checkuser.
This screams of obfuscation and the hiding of information. I know
the
ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed.
Ergo
Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
our
privacy policy we are supposed to purge our information regularly
(on
wiki
CU logs exist for 90 days) however who oversees the regular
removal
of
private information on the wiki?
My proposal would be for all users who are at least auto
confirmed
to
be
notified and be able to request all CU logs regarding themselves
at
any
point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the
checkuser
wiki, helped to set up the Audit Subcommittee on the English
Wikipedia
(which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries
mailing
list
because you are a former arbitrator, a checkuser and an oversighter
on
enwp. (so have access there to express your concerns or suggest
changes
in
standards), It seems you are complaining about a specific case,
and
instead of talking things out about this specific case, you've
decided
to
propose an entirely different checkusering standard. I'll point
out
in
passing that half of the spambots blocked in recent weeks by
checkusers
were autoconfirmed on one or more projects, and even obvious
vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a
member
of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
I am not asking for checkuser results, rather the basic logs about when/why/who may have checkusered the account. I am not asking CUs to release IP/user-agent/other info, but to let users know that they are being CUed, by whom and why. and to be able to request that historical information from the CU logs
On Wed, Jun 13, 2012 at 9:54 PM, James Alexander jamesofur@gmail.comwrote:
To be honest the biggest problem is that releasing this information can hurt quite a lot. It can give away the techniques the checkuser (or checkusers, more then one working together is very common to make sure they're right) used to draw the connections. This is especially true for technical information where it can easily give away 'tell-tale' signs used as part of the determination.
Almost every time I've ever seen the information demanded it was quite clear (usually even with out any type of technical information) that the user was guilty as charged and now they just wanted one of those two things: A target (the CU) or the information (to find out where they went wrong).
Yes, if a horrible checkuser was checking you you wouldn't know instantly but that's why we have so many checks and balances. Giving all of this information to everyone, especially automatically, would make it almost infinitely harder for checkusers to do their job.
James
On Wed, Jun 13, 2012 at 6:30 PM, John phoenixoverride@gmail.com wrote:
Risker comment was basically "lets not set a global accountability and ability to get CU related logs of our self on a global level, instead
take
it to each project and fight it out there" to me that reeks of
obfuscation.
Realistically this should be a global policy, just like our privacy
policy
is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia
Foundation <
pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in
that
mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs
with
a fine toothed comb. They are NOT all previous checkusers, to avoid
the
sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the
Board.
Those people take their role very seriously. And last, anyone with
genuine
privacy concerns can contact the WMF: me, Maggie, anyone in the legal
or
community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we
will
continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much
they
err on the side of protection of privacy. I have a window into their
world,
and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions
and
ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers
may
be done, provided that they are within the limits of the privacy
policy.
These standards vary widely. So, the correct place to discuss this
is
on
each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com
wrote:
Why shouldn't spambots and vandals be notified? Just have the
software
automatically email anyone that is CUed. Then the threshold is
simply
whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is
being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
> This is something that has been bugging me for a while. When a
user
has
> been checkusered they should at least be notified of who
preformed
it
and
> why it was preformed. I know this is not viable for every
single
CU
action > as many are for anons. But for those users who have been around
for a
> period, (say autoconfirmed) they should be notified when they
are
CU'ed
and > any user should be able to request the CU logs pertaining to
themselves
> (who CU'ed them, when, and why) at will. I have seen CU's
refuse
to
provide > information to the accused. > > See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
where > the CU'ed user was requesting information and the CU claimed it
would
be
a > violation of the privacy policy to release the
time/reason/performer
of
the > checkuser. > > This screams of obfuscation and the hiding of information. I
know
the
> ombudsman committee exists as a check and balance, however
before
something > can be passed to them evidence of inappropriate action is
needed.
Ergo
> Catch-22 > > I know checkusers keep a private wiki > https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
our > privacy policy we are supposed to purge our information
regularly
(on
wiki > CU logs exist for 90 days) however who oversees the regular
removal
of
> private information on the wiki? > > My proposal would be for all users who are at least auto
confirmed
to
be
> notified and be able to request all CU logs regarding
themselves
at
any
> point, and any mentions of themselves on the CU wiki should be retrievable. > > > Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the
checkuser
wiki, helped to set up the Audit Subcommittee on the English
Wikipedia
(which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries
mailing
list
because you are a former arbitrator, a checkuser and an
oversighter
on
enwp. (so have access there to express your concerns or suggest
changes
in
standards), It seems you are complaining about a specific case,
and
instead of talking things out about this specific case, you've
decided
to
propose an entirely different checkusering standard. I'll point
out
in
passing that half of the spambots blocked in recent weeks by
checkusers
were autoconfirmed on one or more projects, and even obvious
vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a
member
of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
-- James Alexander jamesofur@gmail.com _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
So User:mfgaowener should get an automated mail saying "because you did a pagemove with edit summary "Haggggers!" you were checkusered. Please be more subtle in your vandalism next time."
I trust the current checks and balances, and I don't think the system is getting significant levels of abuse.
On Thu, Jun 14, 2012 at 3:36 AM, David Richfield davidrichfield@gmail.comwrote:
So User:mfgaowener should get an automated mail saying "because you did a pagemove with edit summary "Haggggers!" you were checkusered. Please be more subtle in your vandalism next time."
I trust the current checks and balances, and I don't think the system is getting significant levels of abuse.
+1 on this. The methods that checkusers have are heavily constrained as it
is by privacy concerns, and they are very fragile. They only work effectively within the tight privacy restrictions with a certain amount of security through obscurity. For one, a checkuser needs to be able to monitor a situation sometimes to be sure that they are casting a wide enough net for a block to be effective. For another, the standard of reasonable suspicion placed on the checkuser tool is high enough that with enough practice, vandals would learn to be careful to never justify a checkuser request within the privacy guidelines.
We're between a rock and a hard place, because to give the transparency being asked for, we'd enter an arms race where we'd quickly have to relax the checkuser standards to the point where it becomes "anything goes so long as you don't disclose it".
-Stephanie
I am not asking for full disclosure, what I am asking is that established user have the right to be notified when and why they are being checkusered. The evidence checkusers get do not need to be disclosed, Its as simple as:
X performed a checkuser on you because Y at Z UTC
that provides clarity and openness while keeping the information checkusers use confidential. A note like that would provide vandals with very little information. And the second step of defining a threshold would eliminate most of the vandal checks.
To me this screams of lets keep oversight of checkuser to a minimum. Right now there is the ombudsman committee globally (to ask for review from them we need evidence, realistically only other checkusers can provide that) and on enwp there is the Audit Subcommittee, which 75% of are either arbcom members (be defacto are granted CU ), former arbcom, or former CU. To me that really reeks of lack of independent oversight. Notifying an established user that they are subject to a CU doesnt harm the CU's ability to do their job unless they themselves have something to hide. Its not like I am asking for CU's to release IP addresses/user-agents or anything else that could assist me in avoiding scrutiny.
On Thu, Jun 14, 2012 at 3:48 AM, Stephanie Daugherty sdaugherty@gmail.comwrote:
On Thu, Jun 14, 2012 at 3:36 AM, David Richfield davidrichfield@gmail.comwrote:
So User:mfgaowener should get an automated mail saying "because you did a pagemove with edit summary "Haggggers!" you were checkusered. Please be more subtle in your vandalism next time."
I trust the current checks and balances, and I don't think the system is getting significant levels of abuse.
+1 on this. The methods that checkusers have are heavily constrained as
it is by privacy concerns, and they are very fragile. They only work effectively within the tight privacy restrictions with a certain amount of security through obscurity. For one, a checkuser needs to be able to monitor a situation sometimes to be sure that they are casting a wide enough net for a block to be effective. For another, the standard of reasonable suspicion placed on the checkuser tool is high enough that with enough practice, vandals would learn to be careful to never justify a checkuser request within the privacy guidelines.
We're between a rock and a hard place, because to give the transparency being asked for, we'd enter an arms race where we'd quickly have to relax the checkuser standards to the point where it becomes "anything goes so long as you don't disclose it".
-Stephanie _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
On Thu, Jun 14, 2012 at 4:07 PM, John phoenixoverride@gmail.com wrote:
I am not asking for full disclosure, what I am asking is that established user have the right to be notified when and why they are being checkusered. The evidence checkusers get do not need to be disclosed, Its as simple as:
X performed a checkuser on you because Y at Z UTC
that provides clarity and openness while keeping the information checkusers use confidential. A note like that would provide vandals with very little information. And the second step of defining a threshold would eliminate most of the vandal checks.
To me this screams of lets keep oversight of checkuser to a minimum. Right now there is the ombudsman committee globally (to ask for review from them we need evidence, realistically only other checkusers can provide that) and on enwp there is the Audit Subcommittee, which 75% of are either arbcom members (be defacto are granted CU ), former arbcom, or former CU. To me that really reeks of lack of independent oversight. Notifying an established user that they are subject to a CU doesnt harm the CU's ability to do their job unless they themselves have something to hide. Its not like I am asking for CU's to release IP addresses/user-agents or anything else that could assist me in avoiding scrutiny.
Don't even need to go that far - just say "A checkuser viewed the information stored by the web server about you, this information may include [[xyz list if informations]]."
On 14 June 2012 16:36, Nathan nawrich@gmail.com wrote:
On Thu, Jun 14, 2012 at 4:07 PM, John phoenixoverride@gmail.com wrote:
I am not asking for full disclosure, what I am asking is that established user have the right to be notified when and why they are being
checkusered.
The evidence checkusers get do not need to be disclosed, Its as simple
as:
X performed a checkuser on you because Y at Z UTC
that provides clarity and openness while keeping the information
checkusers
use confidential. A note like that would provide vandals with very little information. And the second step of defining a threshold would eliminate most of the vandal checks.
To me this screams of lets keep oversight of checkuser to a minimum.
Right
now there is the ombudsman committee globally (to ask for review from
them
we need evidence, realistically only other checkusers can provide that) and on enwp there is the Audit Subcommittee, which 75% of are either
arbcom
members (be defacto are granted CU ), former arbcom, or former CU. To me that really reeks of lack of independent oversight. Notifying an established user that they are subject to a CU doesnt harm the CU's
ability
to do their job unless they themselves have something to hide. Its not
like
I am asking for CU's to release IP addresses/user-agents or anything else that could assist me in avoiding scrutiny.
Don't even need to go that far - just say "A checkuser viewed the information stored by the web server about you, this information may include [[xyz list if informations]]."
I do see where folks are coming from. To the best of my knowledge, for the past few years on English Wikipedia anyone who has asked the Audit Subcommittee if they have been checked has been told the correct response, and I think this is a good thing.
On the other hand, what's being proposed here is essentially providing sockpuppeters or otherwise disruptive users (such as those under certain types of sanctions) a how-to guide so they can avoid detection in the future.
Risker
On Thu, Jun 14, 2012 at 4:52 PM, Risker risker.wp@gmail.com wrote:
I do see where folks are coming from. To the best of my knowledge, for the past few years on English Wikipedia anyone who has asked the Audit Subcommittee if they have been checked has been told the correct response, and I think this is a good thing.
On the other hand, what's being proposed here is essentially providing sockpuppeters or otherwise disruptive users (such as those under certain types of sanctions) a how-to guide so they can avoid detection in the future.
Risker
Can you explain how this is so? I did a fair amount of work at SPI as a clerk, and I'm not sure I understand how the mere fact that a check was performed is giving sockpuppeters a roadmap for how to avoid detection. If you mean they could test the CU net by running a bunch of socks on different strategies to see which get checked and which don't, that seems like a lot of work that a vanishingly small number of abusers would attempt... and also basically the same information as they would receive when those sock accounts are ultimately blocked or not blocked per CU.
~Nathan
On Thu, Jun 14, 2012 at 4:07 PM, John phoenixoverride@gmail.com wrote:
I am not asking for full disclosure, what I am asking is that established user have the right to be notified when and why they are being checkusered. The evidence checkusers get do not need to be disclosed, Its as simple as:
X performed a checkuser on you because Y at Z UTC
that provides clarity and openness while keeping the information checkusers use confidential. A note like that would provide vandals with very little information. And the second step of defining a threshold would eliminate most of the vandal checks.
To me this screams of lets keep oversight of checkuser to a minimum. Right now there is the ombudsman committee globally (to ask for review from them we need evidence, realistically only other checkusers can provide that) and on enwp there is the Audit Subcommittee, which 75% of are either arbcom members (be defacto are granted CU ), former arbcom, or former CU. To me that really reeks of lack of independent oversight. Notifying an established user that they are subject to a CU doesnt harm the CU's ability to do their job unless they themselves have something to hide. Its not like I am asking for CU's to release IP addresses/user-agents or anything else that could assist me in avoiding scrutiny.
John, I strongly disagree with your comment.
"Notifying an established user that they are subject to a CU doesn't harm the CU's ability to do their job unless they themselves have something to hide. Its not like I am asking for CU's to release IP addresses/user-agents or anything else that could assist me in avoiding scrutiny."
The requirement that the checkuser inform community members that their private data has been viewed would be a large task that could only be done effectively by using a bot. But the questions would need to be responded to by checkusers and would needlessly tie up volunteer time for no real reason. People who share a range with vandals or prolific sockmasters could get inundated with notifications because they show up on those ranges.
Additionally, it is common for checkusers to watch an account's editing pattern in addition to looking at checkuser data in order to determine if the user is a sock. Telling the user that they have been subject to a checkuser would take away this very useful practice, unnecessarily alarm members of the community when they show up in checks while alerting problematic users that we are focusing on them or their ip range.
When users edit WMF sites they must agree that their data will be captured and used in limited ways. See the Terms of use and the privacy policy.
http://meta.wikimedia.org/wiki/Terms_of_use#2._Privacy_Policy
http://wikimediafoundation.org/wiki/Privacy_Policy#Purpose_of_the_collection...
I don't see any reason to alter a system that seems to be working well now.
Sydney Poore User:FloNight Member Ombudsmen Commission but speaking only for myself.
On Thu, Jun 14, 2012 at 3:48 AM, Stephanie Daugherty sdaugherty@gmail.comwrote:
On Thu, Jun 14, 2012 at 3:36 AM, David Richfield davidrichfield@gmail.comwrote:
So User:mfgaowener should get an automated mail saying "because you did a pagemove with edit summary "Haggggers!" you were checkusered. Please be more subtle in your vandalism next time."
I trust the current checks and balances, and I don't think the system is getting significant levels of abuse.
+1 on this. The methods that checkusers have are heavily constrained as
it is by privacy concerns, and they are very fragile. They only work effectively within the tight privacy restrictions with a certain amount
of
security through obscurity. For one, a checkuser needs to be able to monitor a situation sometimes to be sure that they are casting a wide enough net for a block to be effective. For another, the standard of reasonable suspicion placed on the checkuser tool is high enough that
with
enough practice, vandals would learn to be careful to never justify a checkuser request within the privacy guidelines.
We're between a rock and a hard place, because to give the transparency being asked for, we'd enter an arms race where we'd quickly have to relax the checkuser standards to the point where it becomes "anything goes so long as you don't disclose it".
-Stephanie _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Here is the log, from my home wiki, as you requested:
http://en.wikisource.org/wiki/Ws:an#Checkuser_notification
As others have said this is a community dependent issue. The wikis are self-governing and some govern with (largely) publicly transparent logs available (I am not a CU and honestly can't recall what the exception to logging might be at en.WS, but I think there is some provision for CU to make a judgement call) and some govern themselves by not making any logs available in public. I believe there are probably even communities that are 100% transparent. I can't remember who it was that wouldn't allow their CUs to join the interchange CU private list, maybe one of the French wikis?
This, like most things, is an issue were you would need to develop community consensus to change how we are governing ourselves. Since you do not say which wiki you are concerned with, it is safe to assume you mean to accuse en.WP of poor standards of practice wrt CU transparency. You can only resolve this on en.WP, not here. However much you might or might not find agreement here on best practices, the mailing list doesn't govern en.WP.
BirgitteSB
On Jun 13, 2012, at 8:58 PM, John phoenixoverride@gmail.com wrote:
I am not asking for checkuser results, rather the basic logs about when/why/who may have checkusered the account. I am not asking CUs to release IP/user-agent/other info, but to let users know that they are being CUed, by whom and why. and to be able to request that historical information from the CU logs
On Wed, Jun 13, 2012 at 9:54 PM, James Alexander jamesofur@gmail.comwrote:
To be honest the biggest problem is that releasing this information can hurt quite a lot. It can give away the techniques the checkuser (or checkusers, more then one working together is very common to make sure they're right) used to draw the connections. This is especially true for technical information where it can easily give away 'tell-tale' signs used as part of the determination.
Almost every time I've ever seen the information demanded it was quite clear (usually even with out any type of technical information) that the user was guilty as charged and now they just wanted one of those two things: A target (the CU) or the information (to find out where they went wrong).
Yes, if a horrible checkuser was checking you you wouldn't know instantly but that's why we have so many checks and balances. Giving all of this information to everyone, especially automatically, would make it almost infinitely harder for checkusers to do their job.
James
On Wed, Jun 13, 2012 at 6:30 PM, John phoenixoverride@gmail.com wrote:
Risker comment was basically "lets not set a global accountability and ability to get CU related logs of our self on a global level, instead
take
it to each project and fight it out there" to me that reeks of
obfuscation.
Realistically this should be a global policy, just like our privacy
policy
is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia
Foundation <
pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in
that
mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs
with
a fine toothed comb. They are NOT all previous checkusers, to avoid
the
sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the
Board.
Those people take their role very seriously. And last, anyone with
genuine
privacy concerns can contact the WMF: me, Maggie, anyone in the legal
or
community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we
will
continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much
they
err on the side of protection of privacy. I have a window into their
world,
and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions
and
ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers
may
be done, provided that they are within the limits of the privacy
policy.
These standards vary widely. So, the correct place to discuss this
is
on
each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com
wrote:
Why shouldn't spambots and vandals be notified? Just have the
software
automatically email anyone that is CUed. Then the threshold is
simply
whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is
being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
> On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote: > >> This is something that has been bugging me for a while. When a
user
has
>> been checkusered they should at least be notified of who
preformed
it
and >> why it was preformed. I know this is not viable for every
single
CU
> action >> as many are for anons. But for those users who have been around
for a
>> period, (say autoconfirmed) they should be notified when they
are
CU'ed
> and >> any user should be able to request the CU logs pertaining to
themselves
>> (who CU'ed them, when, and why) at will. I have seen CU's
refuse
to
> provide >> information to the accused. >> >> See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
> where >> the CU'ed user was requesting information and the CU claimed it
would
be > a >> violation of the privacy policy to release the
time/reason/performer
of
> the >> checkuser. >> >> This screams of obfuscation and the hiding of information. I
know
the
>> ombudsman committee exists as a check and balance, however
before
> something >> can be passed to them evidence of inappropriate action is
needed.
Ergo
>> Catch-22 >> >> I know checkusers keep a private wiki >> https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
> our >> privacy policy we are supposed to purge our information
regularly
(on
> wiki >> CU logs exist for 90 days) however who oversees the regular
removal
of
>> private information on the wiki? >> >> My proposal would be for all users who are at least auto
confirmed
to
be >> notified and be able to request all CU logs regarding
themselves
at
any
>> point, and any mentions of themselves on the CU wiki should be > retrievable. >> >> >> > Perhaps some full disclosure should be made here John. You are a checkuser > yourself, have access to the checkuser-L mailing list and the
checkuser
> wiki, helped to set up the Audit Subcommittee on the English
Wikipedia
> (which carries out reviews of checkuser/oversighter actions on
request);
> you are also a member of the English Wikipedia functionaries
mailing
list
> because you are a former arbitrator, a checkuser and an
oversighter
on
> enwp. (so have access there to express your concerns or suggest
changes
in > standards), It seems you are complaining about a specific case,
and
> instead of talking things out about this specific case, you've
decided
to
> propose an entirely different checkusering standard. I'll point
out
in
> passing that half of the spambots blocked in recent weeks by
checkusers
> were autoconfirmed on one or more projects, and even obvious
vandals
can
> hit the autoconfirmed threshold easily on most projects. > > Full disclosure on my part: I am also an Enwp checkuser and a
member
of
the > Arbitration Committee. > > Risker > _______________________________________________ > Wikimedia-l mailing list > Wikimedia-l@lists.wikimedia.org > Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
-- James Alexander jamesofur@gmail.com _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
No that is not a fair characterization. Risker explained that these things are handled by each project, not hide her true intentions toward your campaign, but because it ii the way things are. And it is not at all particular to CU issues. What really "reeks of obfuscation" is using words and phrasing that requires native level English skills to campaign for a policy that you wish to impose on the Tosk Albanian, and all other, projects.
Self-governing communities work for the most part. Which is more than can be said about the alternatives, and there are ghost wikis all over the Internet to prove the point.
BirgitteSB
On Jun 13, 2012, at 8:30 PM, John phoenixoverride@gmail.com wrote:
Risker comment was basically "lets not set a global accountability and ability to get CU related logs of our self on a global level, instead take it to each project and fight it out there" to me that reeks of obfuscation. Realistically this should be a global policy, just like our privacy policy is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation < pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in that mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs with a fine toothed comb. They are NOT all previous checkusers, to avoid the sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the Board. Those people take their role very seriously. And last, anyone with genuine privacy concerns can contact the WMF: me, Maggie, anyone in the legal or community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we will continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much they err on the side of protection of privacy. I have a window into their world, and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: John phoenixoverride@gmail.com Sender: wikimedia-l-bounces@lists.wikimedia.org Date: Wed, 13 Jun 2012 21:17:09 To: Wikimedia Mailing Listwikimedia-l@lists.wikimedia.org Reply-To: Wikimedia Mailing List wikimedia-l@lists.wikimedia.org Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions and ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker risker.wp@gmail.com wrote:
Each project has its own standards and thresholds for when checkusers may be done, provided that they are within the limits of the privacy policy. These standards vary widely. So, the correct place to discuss this is on each project.
Risker
On 13 June 2012 21:02, Thomas Dalton thomas.dalton@gmail.com wrote:
Why shouldn't spambots and vandals be notified? Just have the software automatically email anyone that is CUed. Then the threshold is simply whether you have an email address attached to your account or not.
This seems like a good idea. People have a right to know what is being
done
with their data. On Jun 14, 2012 12:35 AM, "Risker" risker.wp@gmail.com wrote:
On 13 June 2012 19:18, John phoenixoverride@gmail.com wrote:
This is something that has been bugging me for a while. When a user
has
been checkusered they should at least be notified of who preformed
it
and
why it was preformed. I know this is not viable for every single CU
action
as many are for anons. But for those users who have been around
for a
period, (say autoconfirmed) they should be notified when they are
CU'ed
and
any user should be able to request the CU logs pertaining to
themselves
(who CU'ed them, when, and why) at will. I have seen CU's refuse to
provide
information to the accused.
See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
where
the CU'ed user was requesting information and the CU claimed it
would
be
a
violation of the privacy policy to release the
time/reason/performer
of
the
checkuser.
This screams of obfuscation and the hiding of information. I know
the
ombudsman committee exists as a check and balance, however before
something
can be passed to them evidence of inappropriate action is needed.
Ergo
Catch-22
I know checkusers keep a private wiki https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
our
privacy policy we are supposed to purge our information regularly
(on
wiki
CU logs exist for 90 days) however who oversees the regular removal
of
private information on the wiki?
My proposal would be for all users who are at least auto confirmed
to
be
notified and be able to request all CU logs regarding themselves at
any
point, and any mentions of themselves on the CU wiki should be
retrievable.
Perhaps some full disclosure should be made here John. You are a
checkuser
yourself, have access to the checkuser-L mailing list and the
checkuser
wiki, helped to set up the Audit Subcommittee on the English
Wikipedia
(which carries out reviews of checkuser/oversighter actions on
request);
you are also a member of the English Wikipedia functionaries mailing
list
because you are a former arbitrator, a checkuser and an oversighter
on
enwp. (so have access there to express your concerns or suggest
changes
in
standards), It seems you are complaining about a specific case, and instead of talking things out about this specific case, you've
decided
to
propose an entirely different checkusering standard. I'll point out
in
passing that half of the spambots blocked in recent weeks by
checkusers
were autoconfirmed on one or more projects, and even obvious vandals
can
hit the autoconfirmed threshold easily on most projects.
Full disclosure on my part: I am also an Enwp checkuser and a member
of
the
Arbitration Committee.
Risker _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation < pbeaudette@wikimedia.org> wrote:
I dunno, John, you almost had me convinced until that email. I saw in that mail a reasonable comment from Risker based on long time precedent.
As you may know, there are a number of checks and balances in place. First, the CUs watch each other. With a broad group, you can be assured they don't all always agree and there is healthy debate and dialogue. Second, enwp has an audit subcommittee that routinely audits the logs with a fine toothed comb. They are NOT all previous checkusers, to avoid the sort of groupthink that appears to concern you. Then, the WMF has an ombudsman commission, which also may audit with commission from the Board. Those people take their role very seriously. And last, anyone with genuine privacy concerns can contact the WMF: me, Maggie, anyone in the legal or community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we will continue to get better at it: but I will say that in 3 years of being pretty closely involved with that team, I'm impressed with how much they err on the side of protection of privacy. I have a window into their world, and they have my respect.
Best, PB
Philippe Beaudette Director, Community Advocacy Wikimedia Foundation, Inc
There is also the Meta checkuser policy; not all policy guidance for checkusers is set locally, they all have to abide by the global policy on checkuser usage (which incorporates by reference the privacy policy).
To make an analogy to the health world... In the United States, the privacy and security of health information is governed by the Health Insurance Portability And Accountability Act (HIPAA). Part of the act is the requirement that access to health information be auditable, and that an accounting of access to protected information be provided to the person concerned upon request. It's not that far out to suggest that people should be notified when their personally identifying information is accessed on Wikimedia, if we invest that information with the significance that many wish to. To be honest, I'm surprised Risker doesn't agree, given the emphasis on personal privacy demonstrated in the IPv6 thread on this list.
Nathan
wikimedia-l@lists.wikimedia.org