[Foundation-l] Stewards are ignoring requests for CheckUser information?
Essjay
essjaywiki at gmail.com
Sat Apr 15 20:13:36 UTC 2006
I don't know that the issue that concerns me is the same that concerns
the Foundation, but I know what scares the hell out of me about
Checkuser is this:
We have users from all over the world. Not all of them live in countries
where their safety is guaranteed; there are, most assuredly, editors
from regimes where if their personal information was discovered, they
could be imprisoned and perhaps even killed. That terrifies me, because
I don't want anybody dying over Wikipedia, nor do I want them to end up
in prison. If checkuser falls into the wrong hands (I'm no conspiracy
theorist, but I don't think it's too hard to imagine foreign governments
wanting to hunt down our contributors; after all, at least two have
blocked us flat out already), the result could literally be a matter of
life and death. *Life and death.*
Some people have advocated granting checkuser liberally, and I disagree
strongly with that; I'm not even particularly comfortable with the idea
of it being election-based at all, although I trust the Board, and I
don't believe they would have allowed for local elections if they
weren't convinced it was safe. I do think, however, that it should be
kept to as few users as possible, whether that means having guest
checkusers as Kelly & I have advocated, or whether it means some other
system. I for one am certainly willing to perform checks for other
projects (indeed, I offered to do so for Wikisource), and I am sure that
some of the others would as well (Kelly has already stated her
willingness to do so).
As I said, I can't say that the dire scenario I laid out above is what
the Board has in the back of their minds when thinking about checkuser,
but I certainly know it is what is in mine. I really don't want to turn
on CNN some morning and see "[Insert country here] dissident
assassinated after link to Wikipedia discovered."
Essjay
http://en.wikipedia.org/wiki/User:Essjay
Wikipedia:The Free Encyclopedia
http://www.wikipedia.org/
Robert Scott Horning wrote:
> Anthere wrote:
>
>
>> Hi
>>
>> Let me try to address your various points the best I can.
>>
>> Robert Scott Horning wrote:
>>
>>
>>
>>> Anthere wrote:
>>>
>>>
>>>
>>>
>>>
>>>> The reason for the 25 votes limit comes from two reasons
>>>> * A community with less than 25 users is unlikely to really need
>>>> frequent checkusers, because it is a project with reduced activity. So,
>>>> it can not be a heavy load for stewards.
>>>> * A community with less than 25 users has a rather serious risk to have
>>>> a rather little known editor become a checkuser, rather than a trusted
>>>> oldbie. If we start handing out status just as we do for sysop status on
>>>> small projects, I think there will be abuse. I say this from my
>>>> experience, as I had to unsysop several sysops on small projects (the
>>>> guys did not know our basic rules, behaved like dictators with the
>>>> handful of editors, put advertisements on the main page, controlled povs
>>>> etc...).
>>>>
>>>> I am perplex that the en.wikibooks does not have a big enough base of
>>>> editors to vote on a check user...
>>>> I am quite lazy, so I will not go to the stats page to check. But can
>>>> you roughly say how many active editors per month the project currently
>>>> has ? How many very active editors per month ?
>>>>
>>>> ant
>>>>
>>>>
>>>>
>>>>
>>>>
>>> Since the stats page hasn't been updated since November of last year, it
>>> is completely useless to even gague what the current activity is on any
>>> Wikimedia project. I can only use the current activity on the Wikibooks
>>> staff lounge to even remotely gague what the current user activity level
>>> is, but I would guess it is pretty close to about 20 user at the
>>> absolute top. Really stretching it perhaps we can get to 25 total at
>>> the most.
>>>
>>> And as for advertising this, I guess we could put it in bold 40 point
>>> type on the project main page with a link to a special page only for
>>> this kind of request. I think that is way over the top and something
>>> that is not needed in this situation. The advertising was more than
>>> adequate, it is just that this is a very unreasonable request.
>>>
>>> As for a "community with less than 25 users unlikely needing frequent
>>> checkuser scans", I think this is mistaken totally what is going on.
>>> en.wikibooks has numerous links from within Wikipedia, and is being
>>> hammered by vandals that have moved on from Wikipedia, indeed with
>>> excellent training on how to be a vandal on Wikipedia, and taking on
>>> other projects as well that don't have quite the same pool of
>>> administrators.
>>>
>>>
>>>
>> I see.
>> Perhaps the number 25 was too high then. That would tend to suggest this.
>> But again, let me explain why we put a minimum limit. We have some small
>> projects with a number of editors of less than 5. What usually happens
>> is that the most active one simply ask sysop status (and even sometimes
>> bureaucrat status) on meta because their project *need* a sysop. Which
>> means the status is given without any community voting whatsoever.
>> Sometimes, when it is a new language in particular, the editor has been
>> on our projects only for a couple of days and have no idea of our basic
>> rules of operating whatsoever (npov in particular).
>> More than once, we had problems later on. And it was not always easy for
>> the very small growing community to have a black sheep unsysoped.
>>
>> What I think should NOT be allowed to happen, ever, is that the new
>> wikiquote project in maori be created, and a total stranger be given
>> sysop, bureaucrat and checkuser status so that he can start the
>> community. In short, I think that only editors known by a significant
>> number of other editors should ever be given checkuser access. Hence the
>> 25 votes. Which may be too high a value.
>>
>>
>> So, option 1 : decreasing the number of votes requirements.
>>
>> Now, there are other options we could follow.
>>
>>
>
> I would suggest that the standards for becoming a bureaucrat should be
> much higher for brand new projects in this case, and this is perhaps
> something that needs to be established on a Wikimedia-wide policy as
> well and not just on a project by project basis. The point about
> becoming a bureaucrat is that they have the ability to create other
> administrators and are presumed to be users trusted enough that they not
> only have full editorial control over a project to do all of the
> administrator functions, but they also have the ability to create more
> administrators. The charges of a cabal in some cases are justified when
> you grant bureaucratship to somebody when there is no other means of
> oversight about what they are doing, and they in turn grant adminship to
> others with their same point of view but refuse to grant it to others
> that have a different point of view, and for that reason alone. This
> has happened on some of the smaller projects, especially in languages
> that Foundation board members don't speak fluently and can't monitor
> directly.
>
>
>>> As for handing out checkuser status to people who are not trusted
>>> oldies, that is totally rediculous as well. There are admins and
>>> bureaucrats on en.wikibooks who are also admins on other projects,
>>> including meta, wikinews, and even en.wikipedia. Active ones at that.
>>> I see absolutely no reason why the standards for giving somebody
>>> bureaucrat status when you can't also give them checkuser status.
>>>
>>>
>>>
>> I do not know what are the standards for giving bureaucrat status.
>> I think they are not the same at all depending on projects.
>>
>> I see a **major** reason for the standards for giving bureaucrat status
>> to be different from the standards for giving checkuser status.
>>
>> The standards for giving bureaucrat status are different in each project
>> and each language. On one project, it will be a vote by all editors of a
>> project. On another project, it will be a vote by administrators only.
>> On another project, it might even be a vote by other bureaucrats. Or it
>> might be no vote at all (just ask on meta). It may be 80% support. It
>> may be 66%. There are no standards.
>>
>> But if the bureaucrat makes a mess, it is a technical/community issue.
>> Only the projects can be damaged (which is bad enough). So, it is the
>> community business to define its own rules.
>>
>> If a checkuser makes a mess, the Foundation itself may be concerned. We
>> might have problems with an editor for release of private data. So, the
>> Foundation has a right to have a say in WHO is granted this access.
>> Hence the policy being *more* standard.
>>
>>
>>
> I'm not really understanding this point of view here. Under what area
> is the Foundation directly threatened when this release of private data
> occurs? It is still a technical/community issue with the checkuser
> data, and people with checkuser rights can still only do the scan only
> on registered users for their individual project. This might be a much
> bigger concern if they had access to the general Wikimedia user
> database, such as is being proposed with the common login project. In
> this situation where somebody with checkuser rights could access the
> data on not just the users for their individual project but for anybody
> on any Wikimedia project, you are correct that the standards should be
> much higher.... indeed IMHO higher than perhaps even becoming a steward.
> That is not the situation right now, from my understanding.
>
> If I take the presumption that the current process of becoming a
> registered user is still going to continue for some time, and somebody
> with local checkuser status can only do a checkuser scan on that much
> smaller group of users, I fail to see where the Foundation is really
> going to be hurt if they get out of control. The privacy policy is that
> reasonable steps are going to happen to protect private data, but you
> should be aware that if you log onto any website, including Amazon.com,
> Google, CNN, Microsoft, BBC, or whatever including hackerz.com, that
> your IP address is going to be logged together with whatever activity
> that you do on that website. And that information may be released to
> interested government agencies. All the Foundation is promising is that
> some sort of due process is going to happen before that information is
> released, like a supeona, and that the information may also be used
> internally for the protection of the project, such as performing
> checkuser scans.
>
> Indeed the current privacy policy doesn't even do that. It is really
> just a disclaimer that the data is going to be logged, and that if you
> don't like it, you shouldn't be logging into any Wikimedia server.
> There are some "policies" that go into more depth about how some of
> this data is protected, but this is more for how the Foundation is going
> to respond to outside groups that insist on obtaining this information,
> including not only legal proceedings but also marketing consultants and
> outside businesses who want to do data mining on the access logs. I
> think it is a prudent policy in this regard.
>
> One thing to keep in mind is that the "personally identifying data"
> isn't protected that well for editors. Every editor has all of their
> edit information logged, and not only is it logged but the information
> is actually published in a very public area for all people to see.
> Indeed for most editors, the information is not only logged, but logged
> according to IP address as well. Only for those who have bothered to
> become a registered user is the information partially protected, and it
> is only on this very limited set of circumstances that the checkuser
> policy even starts to apply. And for many others (including myself),
> not only by handle but it is logged by their actual legal name. BTW,
> this is a conscious decision I made when I created my account, knowing
> the legal implications.
>
> Furthermore, somebody with checkuser privileges still don't have access
> to the the full access logs. Having checkuser status, I can't see what
> pages another user has been looking at or reading. All I can do is just
> see what pages they have been editing, which doesn't require checkuser
> status... or even any kind of special status on Wikimedia projects, and
> if they happen to be a registered user, and if they happened to have
> done something that looks suspicious, all I get to find out with the
> increased privilege of the checkuser policy is just a list of IP
> addresses that they have logged in the local project under. Or just the
> last IP address depending on the technical side and how far this should
> go. No other identifying information is given. I can't get the e-mail
> address of the person, nor can I get any of the information on
> [[Special:Preferences]], including perhaps even mundane but identifying
> information like what time zone they live in or what their language
> preference is.
>
> In short, I fail to see where the liability is to the Foundation is
> under even the most egregious of abuses, and even that can be dealt with
> mostly by technical limitation, including perhaps a system that limits
> somebody with checkuser privileges to only a limited number of checkuser
> scans per day or some other limiting factor to keep major abuses from
> happening. I'm also pointing out that smaller projects are going to
> have proportionally much smaller numbers of users and their ability to
> damage all of the Wikimedia projects is going to also be proportionally
> less. Using your example of the Maori Wikibooks user request to become
> admin, bureaucrat, and checkuser... all they are going to do is find the
> IP addresses of the five or six people who even bothered to register on
> that local project. Is that really a problem?
>
>
More information about the foundation-l
mailing list