[Wikimedia-l] CheckUser openness

Sydney Poore sydney.poore at gmail.com
Thu Jun 14 20:52:26 UTC 2012 

On Thu, Jun 14, 2012 at 4:07 PM, John <phoenixoverride at gmail.com> wrote:

> I am not asking for full disclosure, what I am asking is that established
> user have the right to be notified when and why they are being checkusered.
> The evidence checkusers get do not need to be disclosed, Its as simple as:
>
>  X performed a checkuser on you because Y at Z UTC
>
> that provides clarity and openness while keeping the information checkusers
> use confidential. A note like that would provide vandals with very little
> information. And the second step of defining a threshold would eliminate
> most of the vandal checks.
>
> To me this screams of lets keep oversight of checkuser to a minimum. Right
> now there is the ombudsman committee globally (to ask for review from them
> we need evidence, realistically only other checkusers can provide that)
> and on enwp there is the Audit Subcommittee, which 75% of are either arbcom
> members (be defacto are granted CU ), former arbcom, or former CU. To me
> that really reeks of lack of independent oversight. Notifying an
> established user that they are subject to a CU doesnt harm the CU's ability
> to do their job unless they themselves have something to hide. Its not like
> I am asking for CU's to release IP addresses/user-agents or anything else
> that could assist me in avoiding scrutiny.
>

John, I strongly disagree with your comment.

"Notifying an
established user that they are subject to a CU doesn't harm the CU's ability
to do their job unless they themselves have something to hide. Its not like
I am asking for CU's to release IP addresses/user-agents or anything else
that could assist me in avoiding scrutiny."

The requirement that the checkuser inform community members that their
private data has been viewed would be a large task that could only be done
effectively by using a bot. But the questions would need to be responded to
by checkusers and would needlessly tie up volunteer time for no real
reason. People who share a range with vandals or prolific sockmasters could
get inundated with notifications because they show up on those ranges.

Additionally, it is common for checkusers to watch an account's editing
pattern in addition to looking at checkuser data in order to determine if
the user is a sock. Telling the user that they have been subject to a
checkuser would take away this very useful practice, unnecessarily alarm
members of the community when they show up in checks while alerting
problematic users that we are focusing on them or their ip range.

When users edit WMF sites they must agree that their data will be captured
and used in limited ways. See the Terms of use and the privacy policy.

http://meta.wikimedia.org/wiki/Terms_of_use#2._Privacy_Policy

http://wikimediafoundation.org/wiki/Privacy_Policy#Purpose_of_the_collection_of_private_information

I don't see any reason to alter a system that seems to be working well now.

Sydney Poore
User:FloNight
Member Ombudsmen Commission but speaking only for myself.



> On Thu, Jun 14, 2012 at 3:48 AM, Stephanie Daugherty
> <sdaugherty at gmail.com>wrote:
>
> > On Thu, Jun 14, 2012 at 3:36 AM, David Richfield
> > <davidrichfield at gmail.com>wrote:
> >
> > > So User:mfgaowener should get an automated mail saying "because you
> > > did a pagemove with edit summary "Haggggers!" you were checkusered.
> > > Please be more subtle in your vandalism next time."
> > >
> > > I trust the current checks and balances, and I don't think the system
> > > is getting significant levels of abuse.
> > >
> > > +1 on this. The methods that checkusers have are heavily constrained as
> > it
> > is by privacy concerns, and they are very fragile. They only work
> > effectively within the tight privacy restrictions with a certain amount
> of
> > security through obscurity. For one, a checkuser needs to be able to
> > monitor a situation sometimes to be sure that they are casting a wide
> > enough net for a block to be effective. For another, the standard of
> > reasonable suspicion placed on the checkuser tool is high enough that
> with
> > enough practice, vandals would learn to be careful to never justify a
> > checkuser request within the privacy guidelines.
> >
> > We're between a rock and a hard place, because to give the transparency
> > being asked for, we'd enter an arms race where we'd quickly have to relax
> > the checkuser standards to the point where it becomes "anything goes so
> > long as you don't disclose it".
> >
> > -Stephanie
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>

More information about the Wikimedia-l mailing list