[WikiEN-l] RFCU security (was Ryulong blocked ALL accounts)

Conrad Dunkerson conrad.dunkerson at att.net
Sat Apr 21 11:46:44 UTC 2007 

* Info Control wrote:
> Just for the ediifcation of those who do not know, why is it there is no
> public record of who ran what RFCU IP check? Shouldn't people be entitled to
> know if their privacy was for possible undocumented searches exposed?

I agree. The checkuser policy has always said that access will be removed 
"if checks are done routinely on editors without a serious motive to do so 
(links and proofs of bad behavior should be provided)"... yet given that 
people often don't know when they've been checked this seems meaningless. 
How would such a thing, which the foundation itself describes as abuse 
requiring removal of access, ever be uncovered? Is there someone going 
through the checkuser logs and reviewing each to verify that it was valid? 
I doubt it and would hope not as it would be a tremendous waste of time 
better spent elsewhere.

The USUAL way that we uncover problems is that someone says, 'hey, you 
should not have done that!'... and if a dozen other people say, 'hey 
yeah... he did the same thing to me' then we look into it.

We should not be espousing the high ideal that we will remove access from 
anyone who abuses it by running checks without "serious motive" requiring 
"links and proofs of bad behaviour"... while then making it impossible 
(for all practical purposes) to ever detect such abuse.

There has been at least one past kerfluffle about an unjustified check 
amongst the very small circle of users who DO have access to the checkuser 
logs. If everyone had access to see they they, and ONLY they, had been 
checkusered we'd obviously get alot more complaints... but what if some of 
them are valid?

IMO, if you set up a system with no oversight it WILL be abused. Every 
time. If you somehow limit the access only to saints who will never do the 
least thing wrong... the fact that no one can check that will still 
inevitably lead people to BELIEVE it is being abused. The only way to 
prevent abuse and the perception of abuse is to allow people to see what 
is being done. Since this is private information we'd obviously not 
release it publicly, but the only reason not to release it to the people 
actually checked is to avoid complaints. And that's never a good excuse.

More information about the WikiEN-l mailing list