[WikiEN-l] SlimVirgin and CheckUser leaks

Gregory Maxwell gmaxwell at gmail.com
Tue Jul 22 21:03:54 UTC 2008


On Tue, Jul 22, 2008 at 4:38 PM, SlimVirgin <slimvirgin at gmail.com> wrote:
[snip]
> Gery, very few of my edits have been oversighted, so I'm sure you can
> still find the post in question, if it ever existed.

I'm not sure that I'd call the number of your edits which have been
oversighted 'few' but even if the edits in question are not
oversighted, the I checked most of your talk page history had been at
least deleted... it's not at all as easy digging through deleted
contribs.

When you asked she might have told you that she didn't remember (...)
but the very day you begin making public complaints about it she was
saying that she believed it was the cause. There is an IRC discussion
between her, jwales, and others posted on WR (I'll avoid linking to it
here).

[snip]
> The important point is that, had the check been legitimate, someone
> else would have done it instead. We need to emphasize to checkusers
> that they must not check people they could be seen to be in direct
> conflict with, or people they've previously expressed strong negative
> feelings about. Kelly was in the habit of attacking me viciously on
> IRC, so it doesn't take much common sense to realize that using the
> tool against me would look bad.

I can't find any evidence to support that there was some major
conflict between you and her at *the time the check was made*.   Not
anything in email, not anything in your edit history of the time, not
in extensive IRC logs. Your complaints related to this were over a
month later and perhaps something happened in the meantime.

A check being valid is not an easy black and white thing.   A lot of
bad behaviour has been found as a result of unilateral checks driven
by the checker seeing something which failed the 'smell test'.
Kelly's explanation looked reasonable enough at the time.

> Wikipedia Review has made the claim that they have a checkuser in
> their pocket, a claim that was confirmed by one of the few posters
> there that I tend to trust. Therefore, in their own interests,
> checkusers who post there regularly should make it a point of
> principle never to use the tool against editors who are attacked
> there, or in whom Wikipedia Review expresses too much of an interest.

Furthermore, I just searched Wikipedia review and their public efforts
to uncover your identity did not appear to begin until long after that
check was performed. So even if we had adopted your "don't check if WR
is looking" criteria, it wouldn't have applied there.  (perhaps brandt
was hunting you then, but there is no evidence of that on WR... the
only discussion of you then was the random "zomg SV = rouge admin"
stuff that existed for a lot of other admins, including Kelly.)

If indeed WR has/has had a CU 'in their pocket' then simply avoiding
checks directly on particular target users is not likely to be
helpful:

For example,  WR user could use access logs from websites they control
to make educated guesses about what ranges a target might be using,
(i.e. list of all IPs that searched WR for 'username'.  An evil WR CU
could then find vandalism from those ranges or some other excuse (an
address in the ranges being listed in some open proxy list) and
perform CUs of  those ranges.  If they guessed a rangecorrectly they'd
see your exact IP in the results, but there would be *nothing* in the
CU log to indicate that they'd been looking for you as the results are
not logged (and shouldn't be, for retention and other reasons).  And
if someone else ran the same check and saw the target user there the
checking CU would have a very plausible explanation for the checking.



More information about the WikiEN-l mailing list