[Foundation-l] Fwd: Jimbo's response re:Rampant CheckuserPrivacy Abuse

White Cat wikipedia.kawaii.neko at gmail.com
Wed Dec 12 20:31:23 UTC 2007

I think there needs to be a balance without going to either extreme. All
checkuser actions are logged to my knowledge.

Idiots (I can call them that) who edit wikipedia only and only to cause
disruption and mayhem are a problem. Even such people deserve the protection
of the 'privacy policy' but they do not deserve having the 'edit' tool. It
is possible to 'remove' the edit tool without compromising from the 'privacy

It is very easy to avoid detection if people just stay away from a wiki for
a month and return later on just to cause clever disruption that will
eventually pile up to an arbcom case. We had such people on various wikis
and such people will always exist. Entire disruption from such people could
be easily avoided if checkusers were more free in checking. So checkusers
should not be banned from 'checking users' over suspicion. Disruptive people
know how the limits of our radars' short range. We need checkusers'
long-range radar to detect and remove them. A successful RFCu is often a
license for block as a lot of evidence is necessary, and that's a good thing
generally. Sometimes trolls, vandals and other pests edit in such a manner
that an RFCu can't be compiled yet the sockpuppetary would be flashing
obvious in a checkuser. I wouldn't *like* to be randomly checked. I would
more than support such regular checks on RfAs and AfDs and etc. Lack of this
is a problem and a serious one. If I am voting on an RfA, I would not mind
and in fact encourage a routine check that would authenticate legitimacy of
every vote.

We do need a more centralized system in storing checkuser data that's only
available to checkusers. This isn't the first time this has been said. For
example something like the OTRS where checkuser case numbers can be noted as
the block reason and follow ups can be added to the case number. Unlike RFCu
information that wont be given to the general public over rightful privacy
concerns would be stored like IP data and etc.

Obviously checkusers *must not* release private info randomly. It is
possible to say users A, B and C have been blocked for sockpuppetary without
violating the Privacy policy.

In a nutshell privacy is an important thing but so is sanity. I do want to
note that I am probably among the most paranoid people out there for my
privacy and even I see the necessity of such checkuser checks.

If you are concerned of strangers such as checkusers seeing your 'IP' you
ought to know that devs can see more than your 'IP'. Please do not tie or
try to tie the hands of checkusers who are doing something meaningful and
helpful. Any community ruled by paranoia is a dangerous one. Lets not be a
paranoia driven crowd.

          - White Cat

On Dec 12, 2007 9:49 PM, Brian McNeil <brian.mcneil at wikinewsie.org> wrote:

> Anthony wrote:
> >So are other communities immune from this problem, or has it just not
> >hit them yet?  Either way, I think input from those outside en.wp
> >would be valuable.  If you're immune from the problem, tell us how you
> >got there.  If it just hasn't hit you yet, let's work together to
> >solve it before it does.
> I have CheckUser on the English Wikinews, and I am glad to say I have
> never
> been pressured to carry out a check in secret. My opinion is that no
> undocumented CheckUser should be performed.
> A recent case we had to deal with on Wikinews was a repeat page move
> vandal.
> I had previously blocked the appropriate IP for a month. When similar
> vandalism recurred after the block was up my interest was in performing a
> CheckUser.
> I could not quickly and adequately explain the situation to other people
> in
> IRC such that they made the request and I fulfilled it. Instead I -
> someone
> with the ability to perform the check - had to request either another
> Checkuser person carry out the check or state that they agreed there were
> grounds for checking and I should do so. The other Brian performed the
> check, and it turned out I was correct. Had this been done in secret then
> all the average user would have seen in RC was a months long block on an
> IP
> without knowing it had been verified to be a source of vandalism.
> I am strongly against CheckUser being performed in secret, sunlight is the
> best disinfectant and open and honest procedures will - in the long term -
> garner the various projects more respect.
> Brian McNeil
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> Unsubscribe: http://lists.wikimedia.org/mailman/listinfo/foundation-l

More information about the foundation-l mailing list