[Wikimedia-l] CheckUser openness

[Stephanie Daugherty]

On Fri, Jun 15, 2012 at 4:52 AM, Martijn Hoekstra <martijnhoekstra at gmail.com
> wrote:

> Two points that might help bring people on different sides of the
> issue closer together.
>
> 1. How about notifying people that they have been check-usered 2
> months after the fact? By that time I hope all investigations are
> complete, and is the risk of tipping off the nefarious should be over.
>
> That's an interesting concept, and I'd think this would be the only way to
notify users without compromising the effectiveness of the tool, but I
still have serious reservations about disclosure here for reasons
previously cited and below. Also, there are conceivably complex abuse cases
where an investigation would take longer than 2 months, particularly in the
sort of cases that eventually end up before en.wiki's arbcom.



> 2. Though the strategies of when to checkuser and how to interpret the
> results are private, the workings of CheckUser are not. It is free
> software, and its useage described at
> http://www.mediawiki.org/wiki/Extension:CheckUser I would imagine any
> tech-savy user with malicioius intent will check how CheckUser can be
> used to detect their malicious editing, and what means they have to
> avoid detection. Notifying someone they have been checkusered does not
> give them any information they didn't have already, apart from being
> under investigation.


The privacy rules surrounding it are very much public as well. That makes
the effectiveness of checkuser as a tool very much dependent on
carelessness or ignorance of person targeted, things we want to preserve as
much as possible lest checkuser stop being effective or massive relaxation
of privacy policies become necessary to preserve its effectiveness.