[Wikimedia-l] CheckUser openness

Birgitte_sb at yahoo.com Birgitte_sb at yahoo.com
Thu Jun 14 23:45:40 UTC 2012


Here is the log, from my home wiki, as you requested:

http://en.wikisource.org/wiki/Ws:an#Checkuser_notification

As others have said this is a community dependent issue.  The wikis are self-governing and some govern with (largely) publicly transparent logs available (I am not a CU and honestly can't recall what the exception to logging might be at en.WS, but I think there is some provision for CU to make a judgement call) and some govern themselves by not making any logs available in public.  I believe there are probably even communities that are 100% transparent. I can't remember who it was that wouldn't allow their CUs to join the interchange CU private list, maybe one of the French wikis?

This, like most things, is an issue were you would need to develop community consensus to change how we are governing ourselves.  Since you do not say which wiki you are concerned with, it is safe to assume you mean to accuse en.WP of poor standards of practice wrt CU transparency.  You can only resolve this on en.WP, not here. However much you might or might not find agreement here on best practices, the mailing list doesn't govern en.WP.

BirgitteSB


On Jun 13, 2012, at 8:58 PM, John <phoenixoverride at gmail.com> wrote:

> I am not asking for checkuser results, rather the basic logs about
> when/why/who may have checkusered the account. I am not asking CUs to
> release IP/user-agent/other info, but to let users know that they are being
> CUed, by whom and why. and to be able to request that historical
> information from the CU logs
> 
> On Wed, Jun 13, 2012 at 9:54 PM, James Alexander <jamesofur at gmail.com>wrote:
> 
>> To be honest the biggest problem is that releasing this information can
>> hurt quite a lot. It can give away the techniques the checkuser (or
>> checkusers, more then one working together is very common to make sure
>> they're right) used to draw the connections. This is especially true for
>> technical information where it can easily give away 'tell-tale' signs used
>> as part of the determination.
>> 
>> Almost every time I've ever seen the information demanded it was quite
>> clear (usually even with out any type of technical information) that the
>> user was guilty as charged and now they just wanted one of those two
>> things: A target (the CU) or the information (to find out where they went
>> wrong).
>> 
>> Yes, if a horrible checkuser was checking you you wouldn't know instantly
>> but that's why we have so many checks and balances. Giving all of this
>> information to everyone, especially automatically, would make it almost
>> infinitely harder for checkusers to do their job.
>> 
>> James
>> 
>> On Wed, Jun 13, 2012 at 6:30 PM, John <phoenixoverride at gmail.com> wrote:
>> 
>>> Risker comment was basically "lets not set a global accountability and
>>> ability to get CU related logs of our self on a global level, instead
>> take
>>> it to each project and fight it out there" to me that reeks of
>> obfuscation.
>>> Realistically this should be a global policy, just like our privacy
>> policy
>>> is. Why shouldnt users know when they have been checkusered and why?
>>> 
>>> On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia
>> Foundation <
>>> pbeaudette at wikimedia.org> wrote:
>>> 
>>>> I dunno, John, you almost had me convinced until that email. I saw in
>>> that
>>>> mail a reasonable comment from Risker based on long time precedent.
>>>> 
>>>> As you may know, there are a number of checks and balances in place.
>>>> First, the CUs watch each other. With a broad group, you can be assured
>>>> they don't all always agree and there is healthy debate and dialogue.
>>>> Second, enwp has an audit subcommittee that routinely audits the logs
>>> with
>>>> a fine toothed comb.  They are NOT all previous checkusers, to avoid
>> the
>>>> sort of groupthink that appears to concern you. Then, the WMF has an
>>>> ombudsman commission, which also may audit with commission from the
>>> Board.
>>>> Those people take their role very seriously. And last, anyone with
>>> genuine
>>>> privacy concerns can contact the WMF:  me, Maggie, anyone in the legal
>> or
>>>> community advocacy department.
>>>> 
>>>> Is it an iron clad assurance of no misbehavior?  Probably not, and we
>>> will
>>>> continue to get better at it: but I will say that in 3 years of being
>>>> pretty closely involved with that team, I'm impressed with how much
>> they
>>>> err on the side of protection of privacy. I have a window into their
>>> world,
>>>> and they have my respect.
>>>> 
>>>> Best, PB
>>>> -----------------------
>>>> Philippe Beaudette
>>>> Director, Community Advocacy
>>>> Wikimedia Foundation, Inc
>>>> 
>>>> 
>>>> Sent from my Verizon Wireless BlackBerry
>>>> 
>>>> -----Original Message-----
>>>> From: John <phoenixoverride at gmail.com>
>>>> Sender: wikimedia-l-bounces at lists.wikimedia.org
>>>> Date: Wed, 13 Jun 2012 21:17:09
>>>> To: Wikimedia Mailing List<wikimedia-l at lists.wikimedia.org>
>>>> Reply-To: Wikimedia Mailing List <wikimedia-l at lists.wikimedia.org>
>>>> Subject: Re: [Wikimedia-l] CheckUser openness
>>>> 
>>>> Yet another attempt from a checkuser to make monitoring their actions
>> and
>>>> ensuring our privacy more difficult.
>>>> 
>>>> On Wed, Jun 13, 2012 at 9:10 PM, Risker <risker.wp at gmail.com> wrote:
>>>> 
>>>>> Each project has its own standards and thresholds for when checkusers
>>> may
>>>>> be done, provided that they are within the limits of the privacy
>>> policy.
>>>>> These standards vary widely.  So, the correct place to discuss this
>> is
>>> on
>>>>> each project.
>>>>> 
>>>>> Risker
>>>>> 
>>>>> On 13 June 2012 21:02, Thomas Dalton <thomas.dalton at gmail.com>
>> wrote:
>>>>> 
>>>>>> Why shouldn't spambots and vandals be notified? Just have the
>>> software
>>>>>> automatically email anyone that is CUed. Then the threshold is
>> simply
>>>>>> whether you have an email address attached to your account or not.
>>>>>> 
>>>>>> This seems like a good idea. People have a right to know what is
>>> being
>>>>> done
>>>>>> with their data.
>>>>>> On Jun 14, 2012 12:35 AM, "Risker" <risker.wp at gmail.com> wrote:
>>>>>> 
>>>>>>> On 13 June 2012 19:18, John <phoenixoverride at gmail.com> wrote:
>>>>>>> 
>>>>>>>> This is something that has been bugging me for a while. When a
>>> user
>>>>> has
>>>>>>>> been checkusered they should at least be notified of who
>>> preformed
>>>> it
>>>>>> and
>>>>>>>> why it was preformed. I know this is not viable for every
>> single
>>> CU
>>>>>>> action
>>>>>>>> as many are for anons. But for those users who have been around
>>>> for a
>>>>>>>> period, (say autoconfirmed) they should be notified when they
>> are
>>>>> CU'ed
>>>>>>> and
>>>>>>>> any user should be able to request the CU logs pertaining to
>>>>> themselves
>>>>>>>> (who CU'ed them, when, and why) at will. I have seen CU's
>> refuse
>>> to
>>>>>>> provide
>>>>>>>> information to the accused.
>>>>>>>> 
>>>>>>>> See the Rich Farmbrough ArbCom case where I suspect obvious
>>>> fishing,
>>>>>>> where
>>>>>>>> the CU'ed user was requesting information and the CU claimed it
>>>> would
>>>>>> be
>>>>>>> a
>>>>>>>> violation of the privacy policy to release the
>>>> time/reason/performer
>>>>> of
>>>>>>> the
>>>>>>>> checkuser.
>>>>>>>> 
>>>>>>>> This screams of obfuscation and the hiding of information. I
>> know
>>>> the
>>>>>>>> ombudsman committee exists as a check and balance, however
>> before
>>>>>>> something
>>>>>>>> can be passed to them evidence of inappropriate action is
>> needed.
>>>>> Ergo
>>>>>>>> Catch-22
>>>>>>>> 
>>>>>>>> I know checkusers  keep a private wiki
>>>>>>>> https://checkuser.wikimedia.org/wiki/Main_Page and I know
>>>> according
>>>>> to
>>>>>>> our
>>>>>>>> privacy policy we are supposed to purge our information
>> regularly
>>>> (on
>>>>>>> wiki
>>>>>>>> CU logs exist for 90 days) however who oversees the regular
>>> removal
>>>>> of
>>>>>>>> private information on the wiki?
>>>>>>>> 
>>>>>>>> My proposal would be for all users who are at least auto
>>> confirmed
>>>> to
>>>>>> be
>>>>>>>> notified and be able to request all CU logs regarding
>> themselves
>>> at
>>>>> any
>>>>>>>> point, and any mentions of themselves on the CU wiki should be
>>>>>>> retrievable.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>> Perhaps some full disclosure should be made here John.  You are a
>>>>>> checkuser
>>>>>>> yourself, have access to the checkuser-L mailing list and the
>>>> checkuser
>>>>>>> wiki, helped to set up the Audit Subcommittee on the English
>>>> Wikipedia
>>>>>>> (which carries out reviews of checkuser/oversighter actions on
>>>>> request);
>>>>>>> you are also a member of the English Wikipedia functionaries
>>> mailing
>>>>> list
>>>>>>> because you are a former arbitrator, a checkuser and an
>> oversighter
>>>> on
>>>>>>> enwp. (so have access there to express your concerns or suggest
>>>> changes
>>>>>> in
>>>>>>> standards),   It seems you are complaining about a specific case,
>>> and
>>>>>>> instead of talking things out about this specific case, you've
>>>> decided
>>>>> to
>>>>>>> propose an entirely different checkusering standard.  I'll point
>>> out
>>>>> in
>>>>>>> passing that half of the spambots blocked in recent weeks by
>>>> checkusers
>>>>>>> were autoconfirmed on one or more projects, and even obvious
>>> vandals
>>>>> can
>>>>>>> hit the autoconfirmed threshold easily on most projects.
>>>>>>> 
>>>>>>> Full disclosure on my part: I am also an Enwp checkuser and a
>>> member
>>>> of
>>>>>> the
>>>>>>> Arbitration Committee.
>>>>>>> 
>>>>>>> Risker
>>>>>>> _______________________________________________
>>>>>>> Wikimedia-l mailing list
>>>>>>> Wikimedia-l at lists.wikimedia.org
>>>>>>> Unsubscribe:
>>>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>>>>>> 
>>>>>> _______________________________________________
>>>>>> Wikimedia-l mailing list
>>>>>> Wikimedia-l at lists.wikimedia.org
>>>>>> Unsubscribe:
>>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>>>>> 
>>>>> _______________________________________________
>>>>> Wikimedia-l mailing list
>>>>> Wikimedia-l at lists.wikimedia.org
>>>>> Unsubscribe:
>> https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>>>> 
>>>> _______________________________________________
>>>> Wikimedia-l mailing list
>>>> Wikimedia-l at lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>>> _______________________________________________
>>>> Wikimedia-l mailing list
>>>> Wikimedia-l at lists.wikimedia.org
>>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>>> 
>>> _______________________________________________
>>> Wikimedia-l mailing list
>>> Wikimedia-l at lists.wikimedia.org
>>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>>> 
>> 
>> 
>> 
>> --
>> James Alexander
>> jamesofur at gmail.com
>> _______________________________________________
>> Wikimedia-l mailing list
>> Wikimedia-l at lists.wikimedia.org
>> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>> 
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l


More information about the Wikimedia-l mailing list