[Foundation-l] (volunteer) job position : Ombudsperson checkuser (or checkuser Ombudsperson or whatever)
Robert Scott Horning
robert_horning at netzero.net
Thu Jun 22 00:18:38 UTC 2006
Daniel Arnold wrote:
>Am Mittwoch, 21. Juni 2006 16:07 schrieb Robert Scott Horning:
>
>
>>I've heard a lot of fear mongering and what I percieve to be unwarrented
>>fears about abuses to checkuser actions. Can you give some clear
>>examples of what have been percieved as abuses of those with checkuser
>>privileges, at least types of problems that have happened as a matter or
>>practice?
>>
>>
>
>I did never take the time investigating the background of any checkuser of
>others. I just noticed some statistics:
>
>en.wikipedia (and some other smaller projects as well) have overproportional
>heavy use of CheckUser. de.wikipedia (the second largest one, which has like
>en.wikipedia many trolls but probably has different approaches keeping them
>down, which naturally also have their specific positive and negative side
>effects) has no checkuser trace in the logfiles (a developer can make a
>Checkuser directly at the servers without Checkuser logfile traces but
>nonetheless it were only a few in case of de.wikipedia).
>
The point I was trying to make here is that there have been enough
checkuser scans and enough people with checkuser privileges that there
must be, just through statistical analysis, some abuse that has taken
place, or at least something that should have been investigated to see
if a person with checkuser privileges has gone too far. Or if that has
not happened that perhaps the whole worry is way overrated. Take for
example somebody with sysop privileges and having deleted about 1000
pages from a given project. Don't tell me that 100% of those deletions
are going to occur without *somebody* complaining that the admin went
too far, even for the very best admin that is completely on top of
policies and one of the most trusted Wikimedians. I was trying to ask
if there are some specific examples here for checkuser abuse rather than
some vague "it will happen in the future". Even investigations that
later were proven to be legitimate uses of checkuser scans.
>>I know I am speaking from an apparent minority opinion on this mailing
>>list, but I fail to see what real damage is happening from simply
>>looking up the IP address of a user.
>>
>>
>
>My concerns are as follows: A Checkuser of an IP from let us say China or
>Saudi Arabia can have *serious* impact if these informations come into the
>wrong hands although the probability of a worst case scenario is quite low.
>
Who is this information going to be protected from? The governments of
those countries, aka Chinese and Saudi governments? According to
Wikimedia Foundation policy, this information can be, indeed must be,
turned over to authorized government officials of any government that
makes an official request for this information. The check user policy
is not going to be any kind of protection in this situation. In
addition, as I've pointed out earlier, both of these governments are
more than capable technologically to be able to obtain the IP addresses
of Wikimedia users without even having to ask for it from the
Foundation. The Chinese have an entire battalion of their army that
does nothing but electronic surveilance and warfare. This is a trivial
task for people with that kind of training. They don't call it the
Great Firewall of China for a trivial reason, as all IP traffic into and
out of China is monitored.
As for the Saudis, I was offered a job with a Saudi company for
$150,000/year (turned it down BTW). They certainly have the financial
means to get whatever technological talent they need, especially if it
is perceived as a threat to the royal family in any form, or even
religious zealots within their government. If I were a Saudi citizen, I
would not count on the Wikimedia checkuser policy as offering even a
shred of protection. At best a speed bump to slow down the government
by a few days. And a nightmare of negative publicity for the WMF if
board members tried to drag their heels intentionally with an overtly
political act to stop any government from obtaining this information.
>So if en.wp makes heavy regular use of checkuser why shouldn't zh.wp and ar.wp
>do the same as well (and logfile data of a palestinian on he.wp is also a
>potentially serious matter for example)? It is a question of caution and role
>model function of en.wp.
>
>So I don't suggest to en.wp stop checkuser but use it more seriously. Just
>block an IP or recently created vandal account unilaterally if you think it's
>a sock puppet without investigating deeper (hey you're admin you have to *be
>bold* sometimes) and only perform a checkuser afterwards in case there was a
>real demand from several third persons.
>
>That way you also avoid creating a large bueraucracy on blocking of small
>fishes like IPs and short lived accounts and have more time for far more
>important matters.
>
>Checkuser should mainly be a weapon against sock puppets of people that are
>involved deeper in the project (let's say several accounts of a single person
>that abuses them for quite some time in a sophisticated way with a mixture
>out of valid and POV edits).
>
>Just my 2 cents...
>
>Arnomane
>
I agree that sockpuppets and persistant vandals (a variation of sock
puppet abuse) would be the main reasons for even using checkuser scans.
While I can dream up some scenerios of abuse, what I'm asking is what
actual abuse has happened based on experience. Apparently there is none
at all.
It is too bad that non-Wikipedia projects can't use checkuser scans,
however. That is another fight for another thread.
--
Robert Scott Horning
More information about the wikimedia-l
mailing list