[Foundation-l] Stewards are ignoring requests for CheckUser information?
Robert Scott Horning
robert_horning at netzero.net
Sat Apr 15 11:33:10 UTC 2006
Anthere wrote:
>Hi
>
>Let me try to address your various points the best I can.
>
>Robert Scott Horning wrote:
>
>
>>Anthere wrote:
>>
>>
>>
>>
>>>The reason for the 25 votes limit comes from two reasons
>>>* A community with less than 25 users is unlikely to really need
>>>frequent checkusers, because it is a project with reduced activity. So,
>>>it can not be a heavy load for stewards.
>>>* A community with less than 25 users has a rather serious risk to have
>>>a rather little known editor become a checkuser, rather than a trusted
>>>oldbie. If we start handing out status just as we do for sysop status on
>>>small projects, I think there will be abuse. I say this from my
>>>experience, as I had to unsysop several sysops on small projects (the
>>>guys did not know our basic rules, behaved like dictators with the
>>>handful of editors, put advertisements on the main page, controlled povs
>>>etc...).
>>>
>>>I am perplex that the en.wikibooks does not have a big enough base of
>>>editors to vote on a check user...
>>>I am quite lazy, so I will not go to the stats page to check. But can
>>>you roughly say how many active editors per month the project currently
>>>has ? How many very active editors per month ?
>>>
>>>ant
>>>
>>>
>>>
>>>
>>Since the stats page hasn't been updated since November of last year, it
>>is completely useless to even gague what the current activity is on any
>>Wikimedia project. I can only use the current activity on the Wikibooks
>>staff lounge to even remotely gague what the current user activity level
>>is, but I would guess it is pretty close to about 20 user at the
>>absolute top. Really stretching it perhaps we can get to 25 total at
>>the most.
>>
>>And as for advertising this, I guess we could put it in bold 40 point
>>type on the project main page with a link to a special page only for
>>this kind of request. I think that is way over the top and something
>>that is not needed in this situation. The advertising was more than
>>adequate, it is just that this is a very unreasonable request.
>>
>>As for a "community with less than 25 users unlikely needing frequent
>>checkuser scans", I think this is mistaken totally what is going on.
>> en.wikibooks has numerous links from within Wikipedia, and is being
>>hammered by vandals that have moved on from Wikipedia, indeed with
>>excellent training on how to be a vandal on Wikipedia, and taking on
>>other projects as well that don't have quite the same pool of
>>administrators.
>>
>>
>
>I see.
>Perhaps the number 25 was too high then. That would tend to suggest this.
>But again, let me explain why we put a minimum limit. We have some small
>projects with a number of editors of less than 5. What usually happens
>is that the most active one simply ask sysop status (and even sometimes
>bureaucrat status) on meta because their project *need* a sysop. Which
>means the status is given without any community voting whatsoever.
>Sometimes, when it is a new language in particular, the editor has been
>on our projects only for a couple of days and have no idea of our basic
>rules of operating whatsoever (npov in particular).
>More than once, we had problems later on. And it was not always easy for
>the very small growing community to have a black sheep unsysoped.
>
>What I think should NOT be allowed to happen, ever, is that the new
>wikiquote project in maori be created, and a total stranger be given
>sysop, bureaucrat and checkuser status so that he can start the
>community. In short, I think that only editors known by a significant
>number of other editors should ever be given checkuser access. Hence the
>25 votes. Which may be too high a value.
>
>
>So, option 1 : decreasing the number of votes requirements.
>
>Now, there are other options we could follow.
>
I would suggest that the standards for becoming a bureaucrat should be
much higher for brand new projects in this case, and this is perhaps
something that needs to be established on a Wikimedia-wide policy as
well and not just on a project by project basis. The point about
becoming a bureaucrat is that they have the ability to create other
administrators and are presumed to be users trusted enough that they not
only have full editorial control over a project to do all of the
administrator functions, but they also have the ability to create more
administrators. The charges of a cabal in some cases are justified when
you grant bureaucratship to somebody when there is no other means of
oversight about what they are doing, and they in turn grant adminship to
others with their same point of view but refuse to grant it to others
that have a different point of view, and for that reason alone. This
has happened on some of the smaller projects, especially in languages
that Foundation board members don't speak fluently and can't monitor
directly.
>>As for handing out checkuser status to people who are not trusted
>>oldies, that is totally rediculous as well. There are admins and
>>bureaucrats on en.wikibooks who are also admins on other projects,
>>including meta, wikinews, and even en.wikipedia. Active ones at that.
>> I see absolutely no reason why the standards for giving somebody
>>bureaucrat status when you can't also give them checkuser status.
>>
>>
>
>I do not know what are the standards for giving bureaucrat status.
>I think they are not the same at all depending on projects.
>
>I see a **major** reason for the standards for giving bureaucrat status
>to be different from the standards for giving checkuser status.
>
>The standards for giving bureaucrat status are different in each project
>and each language. On one project, it will be a vote by all editors of a
>project. On another project, it will be a vote by administrators only.
>On another project, it might even be a vote by other bureaucrats. Or it
>might be no vote at all (just ask on meta). It may be 80% support. It
>may be 66%. There are no standards.
>
>But if the bureaucrat makes a mess, it is a technical/community issue.
>Only the projects can be damaged (which is bad enough). So, it is the
>community business to define its own rules.
>
>If a checkuser makes a mess, the Foundation itself may be concerned. We
>might have problems with an editor for release of private data. So, the
>Foundation has a right to have a say in WHO is granted this access.
>Hence the policy being *more* standard.
>
>
I'm not really understanding this point of view here. Under what area
is the Foundation directly threatened when this release of private data
occurs? It is still a technical/community issue with the checkuser
data, and people with checkuser rights can still only do the scan only
on registered users for their individual project. This might be a much
bigger concern if they had access to the general Wikimedia user
database, such as is being proposed with the common login project. In
this situation where somebody with checkuser rights could access the
data on not just the users for their individual project but for anybody
on any Wikimedia project, you are correct that the standards should be
much higher.... indeed IMHO higher than perhaps even becoming a steward.
That is not the situation right now, from my understanding.
If I take the presumption that the current process of becoming a
registered user is still going to continue for some time, and somebody
with local checkuser status can only do a checkuser scan on that much
smaller group of users, I fail to see where the Foundation is really
going to be hurt if they get out of control. The privacy policy is that
reasonable steps are going to happen to protect private data, but you
should be aware that if you log onto any website, including Amazon.com,
Google, CNN, Microsoft, BBC, or whatever including hackerz.com, that
your IP address is going to be logged together with whatever activity
that you do on that website. And that information may be released to
interested government agencies. All the Foundation is promising is that
some sort of due process is going to happen before that information is
released, like a supeona, and that the information may also be used
internally for the protection of the project, such as performing
checkuser scans.
Indeed the current privacy policy doesn't even do that. It is really
just a disclaimer that the data is going to be logged, and that if you
don't like it, you shouldn't be logging into any Wikimedia server.
There are some "policies" that go into more depth about how some of
this data is protected, but this is more for how the Foundation is going
to respond to outside groups that insist on obtaining this information,
including not only legal proceedings but also marketing consultants and
outside businesses who want to do data mining on the access logs. I
think it is a prudent policy in this regard.
One thing to keep in mind is that the "personally identifying data"
isn't protected that well for editors. Every editor has all of their
edit information logged, and not only is it logged but the information
is actually published in a very public area for all people to see.
Indeed for most editors, the information is not only logged, but logged
according to IP address as well. Only for those who have bothered to
become a registered user is the information partially protected, and it
is only on this very limited set of circumstances that the checkuser
policy even starts to apply. And for many others (including myself),
not only by handle but it is logged by their actual legal name. BTW,
this is a conscious decision I made when I created my account, knowing
the legal implications.
Furthermore, somebody with checkuser privileges still don't have access
to the the full access logs. Having checkuser status, I can't see what
pages another user has been looking at or reading. All I can do is just
see what pages they have been editing, which doesn't require checkuser
status... or even any kind of special status on Wikimedia projects, and
if they happen to be a registered user, and if they happened to have
done something that looks suspicious, all I get to find out with the
increased privilege of the checkuser policy is just a list of IP
addresses that they have logged in the local project under. Or just the
last IP address depending on the technical side and how far this should
go. No other identifying information is given. I can't get the e-mail
address of the person, nor can I get any of the information on
[[Special:Preferences]], including perhaps even mundane but identifying
information like what time zone they live in or what their language
preference is.
In short, I fail to see where the liability is to the Foundation is
under even the most egregious of abuses, and even that can be dealt with
mostly by technical limitation, including perhaps a system that limits
somebody with checkuser privileges to only a limited number of checkuser
scans per day or some other limiting factor to keep major abuses from
happening. I'm also pointing out that smaller projects are going to
have proportionally much smaller numbers of users and their ability to
damage all of the Wikimedia projects is going to also be proportionally
less. Using your example of the Maori Wikibooks user request to become
admin, bureaucrat, and checkuser... all they are going to do is find the
IP addresses of the five or six people who even bothered to register on
that local project. Is that really a problem?
--
Robert Scott Horning
More information about the foundation-l
mailing list