[Foundation-l] new checkuser policy

Essjay essjaywiki at gmail.com
Fri Apr 21 19:22:21 UTC 2006 

<snip>
Robert Scott Horning wrote:
I fail to see how comparing two different IP addresses from two users is really all that much more difficult of a technical task.
</snip>

You've quite obviously never used checkuser; there is much more to it than simply comparing IP addresses. You need to be able to recognize dynamic and/or shared IPs, be able to detect and scan open proxies, determine if and how IP ranges shift, identify and interpret the registration attached to the IP address, and quite a bit more. If detecting sockpuppets only required comparing two lists together, it could be done by a script or a trained monkey. Karynn and I are far more than trained monkeys, thank you.

Essjay

http://en.wikipedia.org/wiki/User:Essjay
Wikipedia:The Free Encyclopedia
http://www.wikipedia.org/



Robert Scott Horning wrote:
> Kelly Martin wrote:
>
>   
>> On 4/20/06, Robert Scott Horning <robert_horning at netzero.net> wrote:
>>  
>>
>>     
>>> I am not all that pleased with having to deal with "outsiders" in order
>>> to obtain this critical information, although having it is better than
>>> not having it.  I am really curious as to the reasons why Essjay and
>>> Karynn are any better candidates for checkuser status on en.wikibooks
>>> than the current two candidates on the request for checkuser status, and
>>> all I can say is that they enjoy somewhat better relationships with the
>>> Foundation board.  That seems hardly a reasonable policy.
>>>    
>>>
>>>       
>> I don't know the current candidates on en.wikibooks that well, and
>> while I don't have any reason to believe that there's anything wrong
>> with them, I also don't have any reason to believe that they can be
>> trusted at the level that should be expected and required of those
>> with CheckUser privileges. CheckUser is a position that carries very
>> hefty responsibilities; the Foundation has good cause to restrict the
>> number of people with this privilege.  Frankly I think *all*
>> CheckUsers need to be approved by the Foundation because it's the
>> Foundation that will be on the hook for a misuse of the information
>> that CheckUsers have access to.  So the fact that Essjay and I are
>> well known to the Foundation makes us more appealing to the
>> Foundation, not specifically because we have done most of our work on
>> Wikipedia (although this is true for me and to a lesser extent for
>> Essjay, who has more meta experience than I do) but because we have
>> become known to the Foundation as reliable, trustworthy individuals.
>>  
>>
>>     
> So why doesn't the existing policy simply say this?  If the individuals 
> have to be so trusted that they need formal approval of not only the 
> project, but also the Foundation board itself, then it should be stated 
> as such.  This is not currently the policy.  As far as you not trusting 
> these users, that is because you have not interacted with them and had a 
> chance to see their editing and administrative styles, and more of a 
> matter that they are not as active on en.wikipedia to your tastes.  From 
> my perspective, the Wikibooks candidates are as trustworthy as any 
> Wikimedia user can possibly be without getting into cabal accusations or 
> political arguments, and would very likely have recieved the checkuser 
> status a long time ago if they had instead been working on Wikipedia 
> instead of Wikibooks.  They are solid and very active Wikimedia users.
>
>   
>>> Perhaps because this was buried under all of the previous comments, but
>>> it really hasn't been answered at least to my satisfaction.  Under what
>>> reasonable criteria is being applied that would allow somebody to become
>>> a bureaucrat on a project that would not also mean they are trusted
>>> enough to have checkuser status as well?
>>>    
>>>
>>>       
>> There's a big difference between bureaucrat and checkuser.  CheckUsers
>> have access to personal, private information about other editors,
>> information which is protected by law in some nations (e.g. the
>> European Union) and the inappropriate disclosure of which could easily
>> cause grave harm to someone.  Bureaucrats just get to decide who has
>> access to the special buttons on a given project.  The worst damage a
>> bureaucrat can do is mistakenly promote someone who ought not have
>> been promoted, resulting in annoying damage to a particular project
>> and some degree of frustration for its editors and readers.  The worst
>> damage a checkuser can do is publicly announce the IP address of a
>> political dissident editing from a country where political dissidence
>> is punishable by death.  Misuse of CheckUser power can easily lead to
>> the loss of jobs and potentially even of freedom or of lives.  I hope
>> you now understand how the gravity of the responsibility of a
>> CheckUser is that much greater than that of a bureaucrat, and why the
>> screening process for bureaucrats is inadequate for determining who
>> should be trusted with checkuser rights.
>>  
>>
>>     
> On this I guess we have to agree to disagree on this point.  I 
> completely disagree that checkuser disclosure of IP addresses is going 
> to cause any real problem at all, and is making a mountain out of a 
> molehill to prevent some very minor and difficult to accomplish abuse at 
> the risk of denying a very powerful tool to local projects... powerful 
> in the sense of identifying blatant abuse and stoping vandals from 
> destroying a project.  And pointing out that IP addresses are also used 
> anyway and even publicly disclosed for most Wikimedia users as well (the 
> unregistered users).  I won't rehash any of my previous arguments to 
> respond further, but any attempt to not disclose this information if 
> futile anyway for somebody who might lose their job or recieve capital 
> punishment for something they write on a Wikimedia project, and the 
> Foundation would be compelled to disclose that IP address anyway, by the 
> standards of the checkuser policy as written.  This policy will never 
> save even a single life, just at most give them a few more months of 
> life at best due to legal manuvering with the Wikimedia Foundation 
> instead being sent through the mud as harboring political dissidants or 
> even people plotting to overthrow governments, such as perhaps some 
> al-Queida operatives planning on blowing up the Empire State Building in 
> New York City.  Is that the kind of press that the Foundation wants in 
> terms of who is being protected by this policy?
>
>   
>>> And getting back to the original point of this thread, the Stewards who
>>> supposedly have at least the option of having checkuser status, and are
>>> allowed to act in the capacity of performing administrative actions
>>> where existing policies on individual projects are lacking these
>>> policies due to their size, are ignoring checkuser requests.  If Essjay
>>> and Karynn have the trust and support for this widespread and cross
>>> project assistance, perhaps they should simply be made stewards as well.
>>> And to the point at hand, en.wikibooks is in English, which from what
>>> I've seen of the list of stewards is one of the languages of every
>>> current steward.  That these checkuser scans aren't being performed is
>>> more of a condemnation of all of the stewards, or a very serious
>>> misunderstanding of what their role is as backup administrators to
>>> smaller projects.
>>>    
>>>
>>>       
>> Relatively few stewards are in a position to perform checkusers; the
>> position requires both technical competency and a high degree of trust
>> and responsibility.  That most stewards (who presumably have the trust
>> and responsibility, even if not the technical competency) are
>> unwilling to perform them is likely because they don't know how to or
>> even that they can as much as that they aren't bothering.
>>
>> Kelly
>>  
>>
>>     
> I guess I'm confused at the duties of stewards then.  Most of what they 
> do is "promote" users to become admins or sysops, and now grant 
> checkuser status as well based on a whole variety of standards, many of 
> which even contradict currently the checkuser policy on Meta.  This by 
> itself does require a certain level of technical competency, and I fail 
> to see how comparing two different IP addresses from two users is really 
> all that much more difficult of a technical task.  This is not operating 
> system assembly-level driver writing we are talking about, just looking 
> up an IP address or two and comparing numbers.  As far as letting 
> stewards know they can do this, I hope this is a wake-up call to let 
> them know that this is something that is needed, in terms of being able 
> to help smaller projects on a task they simply can't do for themselves. 
>  If the level of trust is so high but the amount of work so great, 
> perhaps a recruiting drive to get more stewards should occur.
>
>

More information about the foundation-l mailing list