[WikiEN-l] SlimVirgin and CheckUser leaks

FT2 ft2.wiki at gmail.com
Mon Jul 21 12:53:50 UTC 2008 

On Mon, Jul 21, 2008 at 2:02 AM, Fayssal F. wrote:

> I may be totally wrong as many details are missing here.
>
> (Snip)



> b) SlimVirgin, you are wrong when you think that there should be a
> *good*valid reason for a CU; a valid reason is sufficient. And of
> course, though
> it is not binding, a CU can have some courtesy of informing the subject of
> the check. But i do believe that the question of *"[people] who are checked
> are told whether and by whom, if they ask*"  is less relevant than
> answering
> the question about the reason of the check itself. And we all know that
> sophisticated sockpuppetry comes more often from established accounts --
> hope this is not defending the CU *team *but more a sign of emphasizing on
> the fact that there should be no exemptions for established accounts. Of
> course, fishing and general trawling aside.
>
> I won't care about who is check usering me if I am not doing something
> wrong. So... c) what do parties want?
>
> Fayssal F.




Fayssal's said it fairly accurately. Put bluntly, there are cases I have
carried out a valid checkuser request, where I am not going to tell the
subject, whether they ask or not. Why? Because with a number of
sophisticated sockmasters, it would defeat the purpose of the check, if they
could ask whether their account X was ever under investigation. There have
been a number of cases where having to tell anyone on demand whether they
have been checked, would defeat the purpose of detecting abuse of multiple
accounts. It can also have a significant and almost always unwarranted
disruptive impact to do so every bit as much as if admins had to tell every
user, every time they looked at their deleted contributions (which are also
non-public). The approach of privacy and CU policy is fairly clear -

1/ checkusers are expected to use their access responsibly, and to only use
it when there is a reasonable concern that abuse may be taking place by an
account, that the checkuser tool may help to investigate.

"Reasonable concern" I would take to mean that the behavior of an account,
or something about it (eg time of creation, area of focus etc), suggests
there might be abuse, and that a responsible administrator would reasonably
wish to check the matter to reassure themselves there isn't (or identify it
if there is).

2/ checkusers are expected to keep the information they obtain from this
private, not to use the tool other than for its intended purpose of
detecting, preventing and reducing abuse, having been given access to the
tool, to use it fully for that purpose, /and/ (having used the tool in a
case) they are expected to keep any results safely, and not use any findings
other than for that intended purpose.

SlimVirgin and Lar (and others) may argue whether the Checkuser tool was or
was not used with good cause, or whether or not the findings were improperly
disclosed, or whether they were then used properly or not. That would be a
genuine issue if there was a concern (SlimVirin says there is, Lar says
there isn't). I am not involved in that discussion, I'm addressing the CU
usage criteria only. In terms of Checkuser and Privacy policy, Fayssal is
correct - a valid reason is sufficient. The enwiki norm is, I would expect
to be able to go to anyone and ask for evidence or explanation that
checkuser was being used for those intended purposes, and the results were
not then misused in breach of those policies. Beyond that, checkuser is a
tool, as much as access to deleted contributions is a tool. A checkuser with
reasonable concerns over abuse, disruption, and breach of community norms,
will refer to checkuser as much as any admin will refer to deleted
contributions.

To sum up, the aim of this project is to write an encyclopedia. Checkuser is
a tool that is used by a limited number of users to detect and prevent abuse
of editorial process by a minority of "bad faith" users, whilst editors are
writing content. If anyone looks at my checkuser logs, they will find each
case has a full and thorough explanation, and is carried out solely to
further that job, and the same is true for most checkusers.

My current thinking is this. Rather than going round in circles, may I
tactfully suggest that Privacy policy, Checkuser policy, and the norms of
the wiki on which these actions took place, are now taken as read. And
suggest that the thread now moves forward from there into the areas where
there could be policy breaches, if any.


FT2

More information about the WikiEN-l mailing list