Hi all,
On 27 April 2013, one of our then-Commons checkusers ran a check on my account on that project. I only found out this information in May of this year, after twelve months of asking the simple question -- was a checkuser run on my account? For twelve months this question went unanswered by checkusers on Commons. I always made it clear when I asked that I only wanted the opportunity to discuss the issue privately with the CU concerned.
On 14 May 2014, I had a discussion with a steward on the issue of editors finding out whether CUs have been run on oneself and what information, if any, should be given. It was their opinion that if they were asked they would confirm:
1) whether a CU was done, 2) who ran the checkuser, 3) the date it was run, and 4) depending on circumstances, the reason for the CU (in some instances divulging the reason may breach the privacy of another editor, and it is fair enough)
I relayed this information to a Commons checkuser on the same day, and mentioned that for 12 months neither 1, 2, 3 or 4 was ever divulged to me. They confirmed for me that a checkuser was indeed done on me on Commons in April 2013 and the reason for it being done was (along the lines of) "contact me for more info". They said they would check with other CU's whether they should divulge who ran the CU, and I re-iterated what I was told by a steward, but agreed to wait for an answer.
The following day (15 May 2014) I asked another CU privately on IRC about the outstanding issue, and I was told that it was decided that they would not tell me who ran the CU, because:
"(w)e see no advantages in telling you, only disadvantages."
On 16 May 2014 I sent in a written complaint to the CU Ombusdman. In my complaint I outlined what it was that required:
"With that said, I kindly request that the Commission investigate: * (1) on what grounds a CheckUser action was performed on my account on Wikimedia Commons, * (2) who requested that it be performed on Commons, and * (3) who fulfilled the request.
Given the apparently very serious breach of the CheckUser policy, I ask that the user who performed that action be immediately removed from their position as a Wikimedia Commons CheckUser."
On 27 May 2014 I received an email back from the OC which basically said that because no personal information was divulged, there was no breach of the WMF Privacy Policy. It also said that they would inform the WMF about the case, and if I had any further information on who "released such information" then I should contact them.
On 28 May 2014 I wrote back to the OC and informed that I was not complaining about the fact I was given any of my CU information, but rather I was complaining about the very fact that a CU was done. I again asked them to investigate the case.
On 6 June 2014 I heard back from the OC and they stated that my complaint was being forwarded to the Wikimedia Foundation and that they had been informed about the possible running of an unnecessary CU, in addition to the possible release of CU logs. Additionally, I was told that the OC would relay to me once they had it from the Board.
It should at this time be noted, that on 16 May 2014, I was forwarded by a friendly steward the entire log of the #wikimedia-stewards-internal channel on IRC. As part of this log, one steward told the channel that I was complaining about a CU leak (I wasn't) and that they had lodged a complaint with the OC. Aside from accidentally the pertinent part of the log into the stewards private chat window, I also informed them that there was no leak. I should mention the fact that the stewards private channel logs had been leaked to me also created a shitstorm in that channel (for which I was also provided logs).
However, in private discussions with someone in the know, I was informed about two pieces of information pertaining as to why the OC was not able to investigate and had instead forwarded it to the WMF Board to investigate.
1) There was indeed a leak of my CU data. An unknown Commons CU had indeed leaked my CU data to another person who was NOT a CU on Commons. The information given to this non-CU person included the very name of the person who ran the CU on me; information which was so sensitive to keep from me, but not sensitive enough that it was able to be shared with every Tom, Dick and Harry that wasn't me. 2) The CU who ran the check is no longer participating on WMF projects and hence the OC was not able to get answers from them. Only 5 Commons checkusers used the tool in April 2013,[1] and only one of these is no longer on our projects. One CU did indeed leave all projects not long after I started asking questions in May/June 2013.
On 15 June 2014, I contacted Legal and the WMF Board and asked for information on where the investigation was at, and noted that given the timeframe that this has been an ongoing issue I would appreciate a speedy resolution.
On 2 July 2014 I was contacted by someone within Legal informing me that it was their understanding that "the Ombudsman Commission has finished its investigation into this matter and has already communicated its decision to you."
On 5 July 2014, I wrote back informing the person within Legal that they were mistaken in their belief and that the issue is not resolved at all. I also asked them to give this issue some priority given the length of time that it has dragged out for.
To date, I have yet to hear another word from Legal, the Ombudsman Commission, nor the WMF Board.
Given this, I am asking very publicly the following questions:
* (1) on what grounds a CheckUser action was performed on my account on Wikimedia Commons? * (2) who requested that it be performed on Commons? * (3) who fulfilled the request? * (4) why is it acceptable for CUs to share actions related to my account with non-CUs whilst at the same time actively keeping this information from me? * (5) why are complaints such as this actively ignored by the WMF Board?
Thanks for your attention and reply.
Russavia
[1] https://commons.wikimedia.org/w/index.php?title=Commons:Checkusers/Statistic...
On Fri, Aug 1, 2014 at 4:19 PM, Russavia russavia.wikipedia@gmail.com wrote:
Commission, nor the WMF Board.
Given this, I am asking very publicly the following questions:
- (1) on what grounds a CheckUser action was performed on my account
on Wikimedia Commons?
- (2) who requested that it be performed on Commons?
- (3) who fulfilled the request?
- (4) why is it acceptable for CUs to share actions related to my
account with non-CUs whilst at the same time actively keeping this information from me?
- (5) why are complaints such as this actively ignored by the WMF Board?
Thanks for your attention and reply.
Russavia
Are you able to specify which policy or statement entitles you to the information you request? I can find no basis for it in the privacy policy, the Meta checkuser policy or the checkuser page on Commons. Can you also outline for your audience what harm you believe you have suffered?
Here's why I ask the second question: Following your breadcrumbs led me to only one CU, but I was puzzled to discover this comment from you on this users talk page "let me say thank you from myself and the rest of the community for all the great work you've done on this project over the years." Puzzled because it was left several weeks after you say you filed a formal complaint.
On Sat, Aug 2, 2014 at 7:25 AM, Nathan nawrich@gmail.com wrote:
Are you able to specify which policy or statement entitles you to the information you request? I can find no basis for it in the privacy policy, the Meta checkuser policy or the checkuser page on Commons. Can you also outline for your audience what harm you believe you have suffered?
Regarding policy, Russavia is claiming that the CU results were given to someone who wasnt a CU on Commons. In my experience sometimes that happens in cross-wiki investigations, but it should not be given to someone who isnt a CU anywhere, and it would be a very clear violation of CU policy for it to have been given to someone who wasnt WMF identified. It would be good if Russavia could clarify, and/or the OC could confirm, that the person who received the CU data was WMF identified at least.
I am guessing that Russavia has yet to hear how the CU on his account complies with the CU policy. There must be a valid reason to check a user. Was there a serious concern that Russavia was using alternative accounts in a prohibited manner? Was he vandalising? Hmm.
CU's performing unwarranted CU investigations on users harms the entire project. This is especially true of regular contributors, as their CU data often provides a lot of information about their daily lives, and may 'reveal' real life connections with other contributors, sometimes very explicitly and other times it is vaguely and unwarranted suspicions are formed and rumours spread.
Here's why I ask the second question: Following your breadcrumbs led me to only one CU, but I was puzzled to discover this comment from you on this users talk page "let me say thank you from myself and the rest of the community for all the great work you've done on this project over the years." Puzzled because it was left several weeks after you say you filed a formal complaint.
Russavia said something nice to someone in 2013 on their retirement, and raised a formal complaint about an unknown CU's action in 2014. How are these related??
That a well respected CU has retired isnt a good reason for the OC to not investigate a complaint, especially if that CU data was passed around. It may make the investigation less fruitful, and it is a good reason for the outcome to be measured against the good done by the volunteer when they were active. Mistakes happen. Usually apologies follow, and that is the end of it, or maybe some lessons learnt bring about improvements to the system.
-- John Vandenberg
On Sat, Aug 2, 2014 at 7:25 AM, John Mark Vandenberg jayvdb@gmail.com wrote:
On Sat, Aug 2, 2014 at 7:25 AM, Nathan nawrich@gmail.com wrote:
Are you able to specify which policy or statement entitles you to the information you request? I can find no basis for it in the privacy policy, the Meta checkuser policy or the checkuser page on Commons. Can you also outline for your audience what harm you believe you have suffered?
Regarding policy, Russavia is claiming that the CU results were given to someone who wasnt a CU on Commons. In my experience sometimes that happens in cross-wiki investigations, but it should not be given to someone who isnt a CU anywhere, and it would be a very clear violation of CU policy for it to have been given to someone who wasnt WMF identified. It would be good if Russavia could clarify, and/or the OC could confirm, that the person who received the CU data was WMF identified at least.
this is the policy? http://meta.wikimedia.org/wiki/CheckUser_policy
i personally do not care about the russavia case in particular i must say. but i care about the (non-)care of persons having access to account data triggered by a bad policy. imo * checkuser usage must be requested traceable * checkuser usage must be done traceable * data retrieved via checkuser usage must not be given outside the persons authorized to have technical access right to this data anyway.
rupert
On 2 August 2014 17:18, rupert THURNER rupert.thurner@gmail.com wrote:
...
i personally do not care about the russavia case in particular i must say. but i care about the (non-)care of persons having access to account data triggered by a bad policy. imo
- checkuser usage must be requested traceable
- checkuser usage must be done traceable
- data retrieved via checkuser usage must not be given outside the
persons authorized to have technical access right to this data anyway.
CheckUser usage is logged internally, Although the logs are not maintained indefinitely due to possible privacy issues.
I believe from memory it's approximately three (3) months at the current stage.
On Sat, Aug 2, 2014 at 9:19 PM, K. Peachey p858snake@gmail.com wrote:
On 2 August 2014 17:18, rupert THURNER rupert.thurner@gmail.com wrote:
...
i personally do not care about the russavia case in particular i must say. but i care about the (non-)care of persons having access to account data triggered by a bad policy. imo
- checkuser usage must be requested traceable
- checkuser usage must be done traceable
- data retrieved via checkuser usage must not be given outside the
persons authorized to have technical access right to this data anyway.
CheckUser usage is logged internally, Although the logs are not maintained indefinitely due to possible privacy issues.
I believe from memory it's approximately three (3) months at the current stage. _______________________________________________
I could be wrong, but it was my understanding that the logs are maintained indefinitely but the data is retained for only 3 months (i.e. the results of the check that is recorded in the log).
On Sun, Aug 3, 2014 at 11:31 AM, Nathan nawrich@gmail.com wrote:
..
I could be wrong, but it was my understanding that the logs are maintained indefinitely but the data is retained for only 3 months (i.e. the results of the check that is recorded in the log).
The checkuser log are kept indefinitely, but it only records what usernames/IPs that were checked (i.e. the query), and the reason given by the checkuser for the check.
It does not record the results of the query.
That said, the sequence of checks run by a CU often creates a permanent record in the private CU log of an persons likely IP addresses. e.g. the log may contain a check on an account, with a reason given, followed by checks on IPs, with the same reason logged.
I have to say that there is an unnecessary lack of transparency which seems to get worse. In or around May 2012 I emailed the audit committee on EN:WP to ask about checkuser run on my account and got a polite and informative reply. In or around May 2014 an identically worded query got a polite refusal.
Note, incidentally that those who run checkuser are often working from the UK, and are quite likely under a legal obligation make this information available.
On 3 August 2014 03:15, John Mark Vandenberg jayvdb@gmail.com wrote:
On Sun, Aug 3, 2014 at 11:31 AM, Nathan nawrich@gmail.com wrote:
..
I could be wrong, but it was my understanding that the logs are
maintained
indefinitely but the data is retained for only 3 months (i.e. the results of the check that is recorded in the log).
The checkuser log are kept indefinitely, but it only records what usernames/IPs that were checked (i.e. the query), and the reason given by the checkuser for the check.
It does not record the results of the query.
That said, the sequence of checks run by a CU often creates a permanent record in the private CU log of an persons likely IP addresses. e.g. the log may contain a check on an account, with a reason given, followed by checks on IPs, with the same reason logged.
-- John Vandenberg
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Contrary to an individual request for information (who did ABC) I guess that such a process question would be perfect for the ombuds committee (was this process correctly followed) or by extension the board.
Lodewijk
2014-08-03 21:45 GMT+02:00 Richard Farmbrough richard@farmbrough.co.uk:
I have to say that there is an unnecessary lack of transparency which seems to get worse. In or around May 2012 I emailed the audit committee on EN:WP to ask about checkuser run on my account and got a polite and informative reply. In or around May 2014 an identically worded query got a polite refusal.
Note, incidentally that those who run checkuser are often working from the UK, and are quite likely under a legal obligation make this information available.
On 3 August 2014 03:15, John Mark Vandenberg jayvdb@gmail.com wrote:
On Sun, Aug 3, 2014 at 11:31 AM, Nathan nawrich@gmail.com wrote:
..
I could be wrong, but it was my understanding that the logs are
maintained
indefinitely but the data is retained for only 3 months (i.e. the
results
of the check that is recorded in the log).
The checkuser log are kept indefinitely, but it only records what usernames/IPs that were checked (i.e. the query), and the reason given by the checkuser for the check.
It does not record the results of the query.
That said, the sequence of checks run by a CU often creates a permanent record in the private CU log of an persons likely IP addresses. e.g. the log may contain a check on an account, with a reason given, followed by checks on IPs, with the same reason logged.
-- John Vandenberg
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
-- Landline (UK) 01780 757 250 Mobile (UK) 0798 1995 792 _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Actually, Ombudsman Commission is not a secret police or Interpol. We have no any instrumentation of investigation, except access to checkuser logs and asking plaintiff and the checkuser for some details and then compare all this information. This is all we can do regarding investigation of cases of potential checkuser's abuses. We cannot force anybody to reveal information if he/she don't want to reveal. We can only ask.
This is also not our duty to answer the questions such as who performed a check on whom and why. This is also not our duty to punish checkusers who might abused their privileges, although this is our duty to report it to WMF if we find that it indeed happened.
As it is clearly defined:
https://meta.wikimedia.org/wiki/Ombudsman_commission
our duty is to investigate the cases of privacy policy violation and report it to the WMF if we find that it really happened or even if it might happened. So we did in this case, and the plaintiff was already informed about it. This is the end of the story from our POV.
You may argue that there is a kind of hole in the system - I mean we investigate and report to WMF - than WMF should decide what to do - but there is no clear mechanism what MWF can do without hurting the local communities which elect their checkusers. Maybe the Ombudsman Commision should be somehow empowered to not only investigate and report, but also be able to perform some actions - such as Stewards can do - but it could change the Commission into some sort of super-ArbCom which I am not sure if it is good idea... Anyway - if the Commision had such power - it should rather be elected on meta (just like Stewards) and not appointed by WMF as it is now...
2014-08-03 22:31 GMT+02:00 Lodewijk lodewijk@effeietsanders.org:
Contrary to an individual request for information (who did ABC) I guess that such a process question would be perfect for the ombuds committee (was this process correctly followed) or by extension the board.
Lodewijk
2014-08-03 21:45 GMT+02:00 Richard Farmbrough richard@farmbrough.co.uk:
I have to say that there is an unnecessary lack of transparency which seems to get worse. In or around May 2012 I emailed the audit committee on EN:WP to ask about checkuser run on my account and got a polite and informative reply. In or around May 2014 an identically worded query got a polite refusal.
Note, incidentally that those who run checkuser are often working from the UK, and are quite likely under a legal obligation make this information available.
On 3 August 2014 03:15, John Mark Vandenberg jayvdb@gmail.com wrote:
On Sun, Aug 3, 2014 at 11:31 AM, Nathan nawrich@gmail.com wrote:
..
I could be wrong, but it was my understanding that the logs are
maintained
indefinitely but the data is retained for only 3 months (i.e. the
results
of the check that is recorded in the log).
The checkuser log are kept indefinitely, but it only records what usernames/IPs that were checked (i.e. the query), and the reason given by the checkuser for the check.
It does not record the results of the query.
That said, the sequence of checks run by a CU often creates a permanent record in the private CU log of an persons likely IP addresses. e.g. the log may contain a check on an account, with a reason given, followed by checks on IPs, with the same reason logged.
-- John Vandenberg
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
-- Landline (UK) 01780 757 250 Mobile (UK) 0798 1995 792 _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
On 03/08/2014, Richard Farmbrough richard@farmbrough.co.uk wrote:
I have to say that there is an unnecessary lack of transparency which seems to get worse. In or around May 2012 I emailed the audit committee on EN:WP to ask about checkuser run on my account and got a polite and informative reply. In or around May 2014 an identically worded query got a polite refusal.
...
Thanks for sharing this Richard. This compares with my experience only ten days ago on Commons asking for basic transparency for CUs that may have been run against me https://commons.wikimedia.org/wiki/Commons_talk:Requests_for_checkuser#Transparency - I have yet to receive any information.
As mentioned there, Wikimania will justifiably be absorbing many active volunteers' positive energies in the coming week, including mine, as I'll be wearing a red shirt too; so I will be taking this up again for the benefit of Commons contributors only after the conference. Perhaps we should compare notes at that time so that we take similar actions to help capture a wider community consensus for what is required in terms of transparency when CU rights are exercised on our main projects.
PS Wikipedians may not have noticed my question to all AUSC candidates about this, there were pretty positive noises in favour of improved transparency. See http://en.wikipedia.org/wiki/Wikipedia:Arbitration_Committee/Audit_Subcommit...
Fae
On 2 August 2014 06:25, John Mark Vandenberg jayvdb@gmail.com wrote:
On Sat, Aug 2, 2014 at 7:25 AM, Nathan nawrich@gmail.com wrote:
Are you able to specify which policy or statement entitles you to the information you request? I can find no basis for it in the privacy
policy,
the Meta checkuser policy or the checkuser page on Commons. Can you also outline for your audience what harm you believe you have suffered?
Regarding policy, Russavia is claiming that the CU results were given to someone who wasnt a CU on Commons. In my experience sometimes that happens in cross-wiki investigations, but it should not be given to someone who isnt a CU anywhere, and it would be a very clear violation of CU policy for it to have been given to someone who wasnt WMF identified. It would be good if Russavia could clarify, and/or the OC could confirm, that the person who received the CU data was WMF identified at least.
I am guessing that Russavia has yet to hear how the CU on his account complies with the CU policy. There must be a valid reason to check a user. Was there a serious concern that Russavia was using alternative accounts in a prohibited manner? Was he vandalising? Hmm.
https://en.wikipedia.org/wiki/Wikipedia:Sockpuppet_investigations/Russavia/A...
By May 2014 there were certainly suspicions on en.wikipedia that Russavia was socking. It would be fairly understandable if the relevant authorities on en tried to gather further information. If Russavia has a problem with this he is free not to use sockpupets on the English Wikipedia.
On Sat, Aug 2, 2014 at 5:41 PM, geni geniice@gmail.com wrote:
On 2 August 2014 06:25, John Mark Vandenberg jayvdb@gmail.com wrote:
On Sat, Aug 2, 2014 at 7:25 AM, Nathan nawrich@gmail.com wrote:
Are you able to specify which policy or statement entitles you to the information you request? I can find no basis for it in the privacy
policy,
the Meta checkuser policy or the checkuser page on Commons. Can you also outline for your audience what harm you believe you have suffered?
Regarding policy, Russavia is claiming that the CU results were given to someone who wasnt a CU on Commons. In my experience sometimes that happens in cross-wiki investigations, but it should not be given to someone who isnt a CU anywhere, and it would be a very clear violation of CU policy for it to have been given to someone who wasnt WMF identified. It would be good if Russavia could clarify, and/or the OC could confirm, that the person who received the CU data was WMF identified at least.
I am guessing that Russavia has yet to hear how the CU on his account complies with the CU policy. There must be a valid reason to check a user. Was there a serious concern that Russavia was using alternative accounts in a prohibited manner? Was he vandalising? Hmm.
https://en.wikipedia.org/wiki/Wikipedia:Sockpuppet_investigations/Russavia/A...
By May 2014 there were certainly suspicions on en.wikipedia that Russavia was socking.
I'm guessing you mean June 2014, as the only earlier investigation was April 2013, which was a royal mess.
I havent reviewed all of the socks listed from June onwards, and havent compiled a timeline of Russavia's banned/unbanned/blocked/etc status on English Wikipedia to compare against the rulebook, but from a quick scan those accounts appear to have been doing good work, and not misusing multiple accounts.
It would be fairly understandable if the relevant authorities on en tried to gather further information. If Russavia has a problem with this he is free not to use sockpupets on the English Wikipedia.
But why is that relevant to a checkuser on Commons that is stated to have occurred 12 months earlier?
-- John Vandenberg
On 2 August 2014 09:17, John Mark Vandenberg jayvdb@gmail.com wrote:
I'm guessing you mean June 2014, as the only earlier investigation was April 2013, which was a royal mess.
No. The April 2013 check was extended beyond en. No reason not to extend it to commons.
On Sat, Aug 2, 2014 at 1:25 AM, John Mark Vandenberg jayvdb@gmail.com wrote:
On Sat, Aug 2, 2014 at 7:25 AM, Nathan nawrich@gmail.com wrote:
Russavia said something nice to someone in 2013 on their retirement, and raised a formal complaint about an unknown CU's action in 2014. How are these related??
That a well respected CU has retired isnt a good reason for the OC to not investigate a complaint, especially if that CU data was passed around. It may make the investigation less fruitful, and it is a good reason for the outcome to be measured against the good done by the volunteer when they were active. Mistakes happen. Usually apologies follow, and that is the end of it, or maybe some lessons learnt bring about improvements to the system.
-- John Vandenberg
You're right, I misunderstood the timeline and thought Russavia had been aware of the issue for much longer. The key aspect of the complaint is whether the CU disclosed the information to the non-CU. Russavia is also demanding disclosure about the circumstances of the use of the tool; this demand is not supported by any relevant policy.
Hello,
just a few remarks from the OC about this case.
2014-08-01 22:19 GMT+02:00 Russavia russavia.wikipedia@gmail.com:
Hi all,
On 27 May 2014 I received an email back from the OC which basically said that because no personal information was divulged, there was no breach of the WMF Privacy Policy. It also said that they would inform the WMF about the case, and if I had any further information on who "released such information" then I should contact them.
Confirmed.
On 6 June 2014 I heard back from the OC and they stated that my complaint was being forwarded to the Wikimedia Foundation and that they had been informed about the possible running of an unnecessary CU, in addition to the possible release of CU logs. Additionally, I was told that the OC would relay to me once they had it from the Board.
Also confirmed.
- There was indeed a leak of my CU data. An unknown Commons CU had
indeed leaked my CU data to another person who was NOT a CU on Commons. The information given to this non-CU person included the very name of the person who ran the CU on me; information which was so sensitive to keep from me, but not sensitive enough that it was able to be shared with every Tom, Dick and Harry that wasn't me.
I wonder why the OC never got any information about this from you. So would you please write us where that information comes from and what exactly happened? Thanks.
On 2 July 2014 I was contacted by someone within Legal informing me that it was their understanding that "the Ombudsman Commission has finished its investigation into this matter and has already communicated its decision to you."
It had, on the basis of the information we got from you. We can obviously not base our decision on information that is not relayed to us, like that mentioned one section above.
Given this, I am asking very publicly the following questions:
- (1) on what grounds a CheckUser action was performed on my account
on Wikimedia Commons?
- (2) who requested that it be performed on Commons?
- (3) who fulfilled the request?
- (4) why is it acceptable for CUs to share actions related to my
account with non-CUs whilst at the same time actively keeping this information from me?
- (5) why are complaints such as this actively ignored by the WMF Board?
(1) through (3) can only be answered by the Commons community. It is completely outside the OC's remit to answer this. @ (4): You might want to discuss this with the OC non-publicly. We are very interested in getting any available information about this. In general, you are right that it is not acceptable to share non-public information with non-CUs. However, it is acceptable to give CU information to stewards (who might not be CU on Commons), for example, under certain circumstances.
Best regards, Thogo. (current member of the OC)
Thogo, et al
On Sat, Aug 2, 2014 at 3:58 PM, Thomas Goldammer thogol@gmail.com wrote:
- There was indeed a leak of my CU data. An unknown Commons CU had
indeed leaked my CU data to another person who was NOT a CU on Commons. The information given to this non-CU person included the very name of the person who ran the CU on me; information which was so sensitive to keep from me, but not sensitive enough that it was able to be shared with every Tom, Dick and Harry that wasn't me.
I wonder why the OC never got any information about this from you. So
would
you please write us where that information comes from and what exactly happened? Thanks.
I'm not sure I understand you Thogo. A steward contacted the OC about the leaking of my CU data to a non-CU, not me. The nature of Points 1 and 2 from my initial email were relayed to me by a member of the OC in a private conversation and that individual shall forever remain nameless, of course. I'm not sure how the OC, or anyone, expects me to give any information on an issue that I am not totally aware of, and never would have been aware of if it weren't for me being provided with full #wikimedia-steward-internal logs. I am happy to publicly replicate these unaltered and unedited logs if actually required.
It had, on the basis of the information we got from you. We can obviously not base our decision on information that is not relayed to us, like that mentioned one section above.
This is not what was told to me on email by the member of the OC who was liaising with me on email as a result of the complaint. Perhaps permission to release that email from the individual concerned will show others that the investigation was not over, but had instead been referred for investigation to the WMF based upon the CU in question having left all Wikimedia projects. Not sure if permission will be forthcoming given the person is no longer on the OC.[1]
Given this, I am asking very publicly the following questions:
- (1) on what grounds a CheckUser action was performed on my account
on Wikimedia Commons?
- (2) who requested that it be performed on Commons?
- (3) who fulfilled the request?
- (4) why is it acceptable for CUs to share actions related to my
account with non-CUs whilst at the same time actively keeping this information from me?
- (5) why are complaints such as this actively ignored by the WMF Board?
(1) through (3) can only be answered by the Commons community. It is completely outside the OC's remit to answer this. @ (4): You might want to discuss this with the OC non-publicly. We are very interested in getting any available information about this. In general, you are right that it is not acceptable to share non-public information with non-CUs. However, it
is
acceptable to give CU information to stewards (who might not be CU on Commons), for example, under certain circumstances.
Sorry, but I beg to differ here. It is within the remit of the OC to investigate issues of the abuse of the CU tool.[2]
"The tool is to be used to fight vandalism, to check for sockpuppet abuse, and to limit disruption of the project. It must be used only to prevent damage to any of Wikimedia projects."
There is zero evidence that the check was done for any of these reasons, and hence it is a violation of the privacy policy and is absolutely within the remit of the OC.
Furthermore, at this time it might be pertinent to add that in May 2014 when the issue was being quite openly discussed on IRC in #wikimedia-commons, a Commons CU at that stage stated that they had no idea why the CU was run. In July 2014, when the issue was again being openly discussed in the same IRC channel, the same Commons CU publicly stated that they were in possession of the full story ("I know everything and I also know what's true and what's not, but I won't share with you" and "I know the whole story"). This CU, given they are in possession of the "whole story" should be able to tell us publicly what vandalism, sockpuppet abuse or disruption I was involved in on Commons in April 2013 which necessitated the uber-secretive use of the CU tool on my Commons account; but NOT on other accounts on other projects.
Given that at least one Commons CU has been able to get the full story in the short space of 2 months, I fail to see why the OC has been unable to get the same fully story and instead has publicly thrown its hands up in the air and claimed one thing, whilst privately I am being told something else completely different.
Russavia
[1] https://meta.wikimedia.org/w/index.php?title=Template:List_of_administrators... [2] https://meta.wikimedia.org/wiki/CheckUser_policy#Use_of_the_tool
wikimedia-l@lists.wikimedia.org