[WikiEN-l] SlimVirgin and CheckUser leaks

[Thomas Dalton]

> I'm thinking of a policy that says anyone who asks whether they've
> been checkusered must be told whether, why, and by whom, if they make
> the request within six months of the check. The request must come from
> the e-mail address the editor has added to their Wikipedia
> preferences. They may only ask whether that particular account has
> been checked. They need not be told the results of the check, in case
> that inadvertently implicates someone else, though they may be told it
> if no one else is involved.

Sounds good to me. I'm not 100% it's necessary to be told who did,
since that could cause checkusers to become targets. If you find out
you've been checkusered and don't think the reason was good enough,
you can file an ArbCom case (the checkuser in question can make an
anonymous statement) and if it's decided the check wasn't warranted,
then the checkuser is revealed (and de-checkusered). I don't know if
that's really necessary, though, we don't allow anonymity for other
privileged actions. I'm not sure if the reason is currently logged -
if this policy is implemented, a reason should be required when the
checkuser is performed. Giving a reason afterwards lends itself to
abuse.

> We could build in a grandfather clause so that this doesn't apply
> retroactively. That would protect current checkusers who had performed
> checks without knowing the information might become public.

The policy on when you can and can't run a checkuser hasn't changed,
so I'm not sure a grandfather clause is necessary, but it could be
included if it's necessary to get the policy accepted.