[Foundation-l] Re: [Wikipedia-l] Expanding CheckUser permissions

Tue Apr 12 18:43:36 UTC 2005

Puddl Duk (puddlduk at gmail.com) [050413 02:36]:
> On Apr 12, 2005 8:35 AM, David Gerard <fun at thingy.apana.org.au> wrote:

> > > ...invasion of privacy by potentially removing anonymity from the use of
> > > Wikipedia. Please let this tool be a last resort in serious cases.

> > Precisely. That's why anyone using it needs to have an awareness of these
> > issues and proceed with extreme caution.

> Guarantees of restraint from the current users of this feature are
> fine, I'm sure that Tim and David are trustworthy, but that's the here
> and now. The feature needs some built in oversight.

Those with access to it see all uses, ever. Tim has also made this list
available to others.

> Users should be notified when CheckUser is run on them (something like
> a message notice, that only they can see).   Waerth noted that this
> will cause some controversy with users when they see they have been
> investigated, which is true. But this makes a good deterrent of abuse.
>  Anyone who runs it will have a damn good reason, knowing that they
> may have to explain themselves.  Also, many requests for sockpuppet
> checks are public, so informing the users who were checked isn't any
> different in these cases.

You're writing the code to do this, then?

> Waerth also notes on, meta, that 90% of the checks will be on innocent
> users. If this is the case, then I have to question how solid the
> reasoning is for checking those 90%.

One thing I've just asked on [[m:CheckUser]] is for ideas on what the
criteria should be. As I noted, spurious allegations of sockpuppetry are de
rigeur on en: arbitration cases. One thing that frustrates me at present is
there are quite a few I think I should *maybe* look into but don't feel
certain enough to because there isn't a clear case to hand.

> Finally, notifying a registered user when their identity is checked is
> just a decent thing to do.

There is that. OTOH, when I was investigating the socks of the 'Baku Ibne'
troll, I came across use of the same IPs by good users and checked their
IPs as well. Now, should we be revealing too much information to them about
an ongoing investigation?

And also: any website will look through the logs in detail if they suspect
abuse. The devs do this *all the time already*. And they *do not* notify
anyone in particular. The key to this feature is not doing anything that
isn't done already, it's giving access to a small subset of it to people
who aren't actually Wikimedia system administrators, mostly so the system
administrators can get on with running the site.

- d.