Puddl Duk (puddlduk@gmail.com) [050413 02:36]:
On Apr 12, 2005 8:35 AM, David Gerard fun@thingy.apana.org.au wrote:
...invasion of privacy by potentially removing anonymity from the use of Wikipedia. Please let this tool be a last resort in serious cases.
Precisely. That's why anyone using it needs to have an awareness of these issues and proceed with extreme caution.
Guarantees of restraint from the current users of this feature are fine, I'm sure that Tim and David are trustworthy, but that's the here and now. The feature needs some built in oversight.
Those with access to it see all uses, ever. Tim has also made this list available to others.
Users should be notified when CheckUser is run on them (something like a message notice, that only they can see). Waerth noted that this will cause some controversy with users when they see they have been investigated, which is true. But this makes a good deterrent of abuse. Anyone who runs it will have a damn good reason, knowing that they may have to explain themselves. Also, many requests for sockpuppet checks are public, so informing the users who were checked isn't any different in these cases.
You're writing the code to do this, then?
Waerth also notes on, meta, that 90% of the checks will be on innocent users. If this is the case, then I have to question how solid the reasoning is for checking those 90%.
One thing I've just asked on [[m:CheckUser]] is for ideas on what the criteria should be. As I noted, spurious allegations of sockpuppetry are de rigeur on en: arbitration cases. One thing that frustrates me at present is there are quite a few I think I should *maybe* look into but don't feel certain enough to because there isn't a clear case to hand.
Finally, notifying a registered user when their identity is checked is just a decent thing to do.
There is that. OTOH, when I was investigating the socks of the 'Baku Ibne' troll, I came across use of the same IPs by good users and checked their IPs as well. Now, should we be revealing too much information to them about an ongoing investigation?
And also: any website will look through the logs in detail if they suspect abuse. The devs do this *all the time already*. And they *do not* notify anyone in particular. The key to this feature is not doing anything that isn't done already, it's giving access to a small subset of it to people who aren't actually Wikimedia system administrators, mostly so the system administrators can get on with running the site.
- d.
On 4/12/05, David Gerard fun@thingy.apana.org.au wrote:
Puddl Duk (puddlduk@gmail.com) [050413 02:36]:
On Apr 12, 2005 8:35 AM, David Gerard fun@thingy.apana.org.au wrote:
...invasion of privacy by potentially removing anonymity from the use of Wikipedia. Please let this tool be a last resort in serious cases.
Precisely. That's why anyone using it needs to have an awareness of these issues and proceed with extreme caution.
Guarantees of restraint from the current users of this feature are fine, I'm sure that Tim and David are trustworthy, but that's the here and now. The feature needs some built in oversight.
Those with access to it see all uses, ever. Tim has also made this list available to others.
Users should be notified when CheckUser is run on them (something like a message notice, that only they can see). Waerth noted that this will cause some controversy with users when they see they have been investigated, which is true. But this makes a good deterrent of abuse. Anyone who runs it will have a damn good reason, knowing that they may have to explain themselves. Also, many requests for sockpuppet checks are public, so informing the users who were checked isn't any different in these cases.
You're writing the code to do this, then?
No, I'm not. You've a suggestion for user notification that doesn't require code?
Waerth also notes on, meta, that 90% of the checks will be on innocent users. If this is the case, then I have to question how solid the reasoning is for checking those 90%.
One thing I've just asked on [[m:CheckUser]] is for ideas on what the criteria should be. As I noted, spurious allegations of sockpuppetry are de rigeur on en: arbitration cases. One thing that frustrates me at present is there are quite a few I think I should *maybe* look into but don't feel certain enough to because there isn't a clear case to hand.
Finally, notifying a registered user when their identity is checked is just a decent thing to do.
There is that. OTOH, when I was investigating the socks of the 'Baku Ibne' troll, I came across use of the same IPs by good users and checked their IPs as well. Now, should we be revealing too much information to them about an ongoing investigation?
And also: any website will look through the logs in detail if they suspect abuse. The devs do this *all the time already*. And they *do not* notify anyone in particular. The key to this feature is not doing anything that isn't done already, it's giving access to a small subset of it to people who aren't actually Wikimedia system administrators, mostly so the system administrators can get on with running the site.
- d.
Sure, dev's do this *all the time already*, but were talking about expanding a new feature to non-devs. There should be transperency and accountability to check possible abuse.
Puddl Duk (puddlduk@gmail.com) [050414 03:18]:
On 4/12/05, David Gerard fun@thingy.apana.org.au wrote:
Users should be notified when CheckUser is run on them (something like a message notice, that only they can see). Waerth noted that this
You're writing the code to do this, then?
No, I'm not. You've a suggestion for user notification that doesn't require code?
Email isn't reliable, in that a lot of people don't have it set up. And the "Email this user" form doesn't tell you if the message was sent or silently vanished.
Finally, notifying a registered user when their identity is checked is just a decent thing to do.
There is that. OTOH, when I was investigating the socks of the 'Baku Ibne' troll, I came across use of the same IPs by good users and checked their IPs as well. Now, should we be revealing too much information to them about an ongoing investigation? And also: any website will look through the logs in detail if they suspect abuse. The devs do this *all the time already*. And they *do not* notify anyone in particular. The key to this feature is not doing anything that isn't done already, it's giving access to a small subset of it to people who aren't actually Wikimedia system administrators, mostly so the system administrators can get on with running the site.
Sure, dev's do this *all the time already*, but were talking about expanding a new feature to non-devs. There should be transperency and accountability to check possible abuse.
Something may well be a good idea. The ones I've looked at have been arbcom cases in progress or tracking lack of compliance; these get a note on the Arb Com 'dev assistance requested' page and/or an email to the arbcom mailing list, which Jimbo is on (and reads).
These notes need to go on [[m:CheckUser]]!
- d.
wikipedia-l@lists.wikimedia.org