[Wikimedia-l] CheckUser openness

James Alexander jamesofur at gmail.com
Thu Jun 14 01:54:28 UTC 2012


To be honest the biggest problem is that releasing this information can
hurt quite a lot. It can give away the techniques the checkuser (or
checkusers, more then one working together is very common to make sure
they're right) used to draw the connections. This is especially true for
technical information where it can easily give away 'tell-tale' signs used
as part of the determination.

Almost every time I've ever seen the information demanded it was quite
clear (usually even with out any type of technical information) that the
user was guilty as charged and now they just wanted one of those two
things: A target (the CU) or the information (to find out where they went
wrong).

Yes, if a horrible checkuser was checking you you wouldn't know instantly
but that's why we have so many checks and balances. Giving all of this
information to everyone, especially automatically, would make it almost
infinitely harder for checkusers to do their job.

James

On Wed, Jun 13, 2012 at 6:30 PM, John <phoenixoverride at gmail.com> wrote:

> Risker comment was basically "lets not set a global accountability and
> ability to get CU related logs of our self on a global level, instead take
> it to each project and fight it out there" to me that reeks of obfuscation.
> Realistically this should be a global policy, just like our privacy policy
> is. Why shouldnt users know when they have been checkusered and why?
>
> On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation <
> pbeaudette at wikimedia.org> wrote:
>
> > I dunno, John, you almost had me convinced until that email. I saw in
> that
> > mail a reasonable comment from Risker based on long time precedent.
> >
> > As you may know, there are a number of checks and balances in place.
> > First, the CUs watch each other. With a broad group, you can be assured
> > they don't all always agree and there is healthy debate and dialogue.
> > Second, enwp has an audit subcommittee that routinely audits the logs
> with
> > a fine toothed comb.  They are NOT all previous checkusers, to avoid the
> > sort of groupthink that appears to concern you. Then, the WMF has an
> > ombudsman commission, which also may audit with commission from the
> Board.
> > Those people take their role very seriously. And last, anyone with
> genuine
> > privacy concerns can contact the WMF:  me, Maggie, anyone in the legal or
> > community advocacy department.
> >
> > Is it an iron clad assurance of no misbehavior?  Probably not, and we
> will
> > continue to get better at it: but I will say that in 3 years of being
> > pretty closely involved with that team, I'm impressed with how much they
> > err on the side of protection of privacy. I have a window into their
> world,
> > and they have my respect.
> >
> > Best, PB
> > -----------------------
> > Philippe Beaudette
> > Director, Community Advocacy
> > Wikimedia Foundation, Inc
> >
> >
> > Sent from my Verizon Wireless BlackBerry
> >
> > -----Original Message-----
> > From: John <phoenixoverride at gmail.com>
> > Sender: wikimedia-l-bounces at lists.wikimedia.org
> > Date: Wed, 13 Jun 2012 21:17:09
> > To: Wikimedia Mailing List<wikimedia-l at lists.wikimedia.org>
> > Reply-To: Wikimedia Mailing List <wikimedia-l at lists.wikimedia.org>
> > Subject: Re: [Wikimedia-l] CheckUser openness
> >
> > Yet another attempt from a checkuser to make monitoring their actions and
> > ensuring our privacy more difficult.
> >
> > On Wed, Jun 13, 2012 at 9:10 PM, Risker <risker.wp at gmail.com> wrote:
> >
> > > Each project has its own standards and thresholds for when checkusers
> may
> > > be done, provided that they are within the limits of the privacy
> policy.
> > > These standards vary widely.  So, the correct place to discuss this is
> on
> > > each project.
> > >
> > > Risker
> > >
> > > On 13 June 2012 21:02, Thomas Dalton <thomas.dalton at gmail.com> wrote:
> > >
> > > > Why shouldn't spambots and vandals be notified? Just have the
> software
> > > > automatically email anyone that is CUed. Then the threshold is simply
> > > > whether you have an email address attached to your account or not.
> > > >
> > > > This seems like a good idea. People have a right to know what is
> being
> > > done
> > > > with their data.
> > > > On Jun 14, 2012 12:35 AM, "Risker" <risker.wp at gmail.com> wrote:
> > > >
> > > > > On 13 June 2012 19:18, John <phoenixoverride at gmail.com> wrote:
> > > > >
> > > > > > This is something that has been bugging me for a while. When a
> user
> > > has
> > > > > > been checkusered they should at least be notified of who
> preformed
> > it
> > > > and
> > > > > > why it was preformed. I know this is not viable for every single
> CU
> > > > > action
> > > > > > as many are for anons. But for those users who have been around
> > for a
> > > > > > period, (say autoconfirmed) they should be notified when they are
> > > CU'ed
> > > > > and
> > > > > > any user should be able to request the CU logs pertaining to
> > > themselves
> > > > > > (who CU'ed them, when, and why) at will. I have seen CU's refuse
> to
> > > > > provide
> > > > > > information to the accused.
> > > > > >
> > > > > > See the Rich Farmbrough ArbCom case where I suspect obvious
> > fishing,
> > > > > where
> > > > > > the CU'ed user was requesting information and the CU claimed it
> > would
> > > > be
> > > > > a
> > > > > > violation of the privacy policy to release the
> > time/reason/performer
> > > of
> > > > > the
> > > > > > checkuser.
> > > > > >
> > > > > > This screams of obfuscation and the hiding of information. I know
> > the
> > > > > > ombudsman committee exists as a check and balance, however before
> > > > > something
> > > > > > can be passed to them evidence of inappropriate action is needed.
> > > Ergo
> > > > > > Catch-22
> > > > > >
> > > > > > I know checkusers  keep a private wiki
> > > > > > https://checkuser.wikimedia.org/wiki/Main_Page and I know
> > according
> > > to
> > > > > our
> > > > > > privacy policy we are supposed to purge our information regularly
> > (on
> > > > > wiki
> > > > > > CU logs exist for 90 days) however who oversees the regular
> removal
> > > of
> > > > > > private information on the wiki?
> > > > > >
> > > > > > My proposal would be for all users who are at least auto
> confirmed
> > to
> > > > be
> > > > > > notified and be able to request all CU logs regarding themselves
> at
> > > any
> > > > > > point, and any mentions of themselves on the CU wiki should be
> > > > > retrievable.
> > > > > >
> > > > > >
> > > > > >
> > > > > Perhaps some full disclosure should be made here John.  You are a
> > > > checkuser
> > > > > yourself, have access to the checkuser-L mailing list and the
> > checkuser
> > > > > wiki, helped to set up the Audit Subcommittee on the English
> > Wikipedia
> > > > > (which carries out reviews of checkuser/oversighter actions on
> > > request);
> > > > > you are also a member of the English Wikipedia functionaries
> mailing
> > > list
> > > > > because you are a former arbitrator, a checkuser and an oversighter
> > on
> > > > > enwp. (so have access there to express your concerns or suggest
> > changes
> > > > in
> > > > > standards),   It seems you are complaining about a specific case,
> and
> > > > > instead of talking things out about this specific case, you've
> > decided
> > > to
> > > > > propose an entirely different checkusering standard.  I'll point
> out
> > >  in
> > > > > passing that half of the spambots blocked in recent weeks by
> > checkusers
> > > > > were autoconfirmed on one or more projects, and even obvious
> vandals
> > > can
> > > > > hit the autoconfirmed threshold easily on most projects.
> > > > >
> > > > > Full disclosure on my part: I am also an Enwp checkuser and a
> member
> > of
> > > > the
> > > > > Arbitration Committee.
> > > > >
> > > > > Risker
> > > > > _______________________________________________
> > > > > Wikimedia-l mailing list
> > > > > Wikimedia-l at lists.wikimedia.org
> > > > > Unsubscribe:
> > https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> > > > >
> > > > _______________________________________________
> > > > Wikimedia-l mailing list
> > > > Wikimedia-l at lists.wikimedia.org
> > > > Unsubscribe:
> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> > > >
> > > _______________________________________________
> > > Wikimedia-l mailing list
> > > Wikimedia-l at lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> > >
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>



-- 
James Alexander
jamesofur at gmail.com


More information about the Wikimedia-l mailing list