Mailing List Archive

It's interesting that you mention 15 days, Jon - as I think the trend has
been in the other direction - towards retaining information for a longer
period - perhaps to better combat vandal accounts?

It was at one point communicated to me that IP data was retained for approx
one month - recently it has been confirmed to me that IP data is now stored
for at least three months - I'm not really sure quite what I think the time
period should be, but I would prefer it to be disclosed openly - I don't
really find arguments supporting security through obscurity wholly
compelling.

Also - I'd like to confirm that general discussion of checkuser form and
function appropriate to this mailing list? - I'm not sure of the norms
around here, and it seems a bit... well... heated, and I don't want to poke
anyone into further rudeness.

best,

Peter,
PM.
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

Hoi,
Security through obscurity is when the way the security is implemented is
undocumented, it is not peer reviewed. If anything this does not apply to
the WMF, the MediaWiki software and the policies as implemented by our
communities. When precise details like how long are results from check user
activity retained are public knowledge, the only persons who benefit from
this knowledge are the persons who aim to game the system. When they
consider that this information stays available, it will hinder their ability
to make mischief.
Thanks,
GerardM

On Sun, Aug 10, 2008 at 8:56 AM, private musings <thepmaccount@gmail.com>wrote:

> It's interesting that you mention 15 days, Jon - as I think the trend has
> been in the other direction - towards retaining information for a longer
> period - perhaps to better combat vandal accounts?
>
> It was at one point communicated to me that IP data was retained for approx
> one month - recently it has been confirmed to me that IP data is now stored
> for at least three months - I'm not really sure quite what I think the time
> period should be, but I would prefer it to be disclosed openly - I don't
> really find arguments supporting security through obscurity wholly
> compelling.
>
> Also - I'd like to confirm that general discussion of checkuser form and
> function appropriate to this mailing list? - I'm not sure of the norms
> around here, and it seems a bit... well... heated, and I don't want to poke
> anyone into further rudeness.
>
> best,
>
> Peter,
> PM.
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

...I think we probably could work out way towards agreeing to disagree on
this one - but I also suspect there's some common ground hiding there
somewhere!

Yes - full openness surrounding the length of time IP data is stored for may
increase 'gamability' in some areas - it may also cause other unspoken, or
un-thought of problems.

The benefits to doing so are in my view a bit fuzzier and related to big
picture community health issues and an abstract concept of what's 'right' -
perhaps it'll suffice to say for now that I currently believe it would be a
net gain to be open, honest, and clear about this sort of stuff.

best,

Peter
PM.


On Sun, Aug 10, 2008 at 5:07 PM, Gerard Meijssen
<gerard.meijssen@gmail.com>wrote:

> Hoi,
> Security through obscurity is when the way the security is implemented is
> undocumented, it is not peer reviewed. If anything this does not apply to
> the WMF, the MediaWiki software and the policies as implemented by our
> communities. When precise details like how long are results from check user
> activity retained are public knowledge, the only persons who benefit from
> this knowledge are the persons who aim to game the system. When they
> consider that this information stays available, it will hinder their
> ability
> to make mischief.
> Thanks,
> GerardM
>
> On Sun, Aug 10, 2008 at 8:56 AM, private musings <thepmaccount@gmail.com
> >wrote:
>
> > It's interesting that you mention 15 days, Jon - as I think the trend has
> > been in the other direction - towards retaining information for a longer
> > period - perhaps to better combat vandal accounts?
> >
> > It was at one point communicated to me that IP data was retained for
> approx
> > one month - recently it has been confirmed to me that IP data is now
> stored
> > for at least three months - I'm not really sure quite what I think the
> time
> > period should be, but I would prefer it to be disclosed openly - I don't
> > really find arguments supporting security through obscurity wholly
> > compelling.
> >
> > Also - I'd like to confirm that general discussion of checkuser form and
> > function appropriate to this mailing list? - I'm not sure of the norms
> > around here, and it seems a bit... well... heated, and I don't want to
> poke
> > anyone into further rudeness.
> >
> > best,
> >
> > Peter,
> > PM.
> > _______________________________________________
> > foundation-l mailing list
> > foundation-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
> >
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

2008/8/10 private musings <thepmaccount@gmail.com>:

> ...I think we probably could work out way towards agreeing to disagree on
> this one - but I also suspect there's some common ground hiding there
> somewhere!
> Yes - full openness surrounding the length of time IP data is stored for may
> increase 'gamability' in some areas - it may also cause other unspoken, or
> un-thought of problems.
> The benefits to doing so are in my view a bit fuzzier and related to big
> picture community health issues and an abstract concept of what's 'right' -
> perhaps it'll suffice to say for now that I currently believe it would be a
> net gain to be open, honest, and clear about this sort of stuff.


It should be noted here that PM's opinions on the matter should be
taken in the context of (a) having been thoroughly busted massively
sockpuppeting on en:wp (b) at no stage accepting that he did anything
wrong in doing so, and that there must be a problem with the checkuser
procedures for him to have been caught.


- d.

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

yup... I'm a bad little thing!

....this is an attempt at levity - David's comments could do with a bit of
context - but yeah, people should be aware of my situation. I'm more than
happy to chat about it if anyone wants to contact me - it's certainly what
led me to look further into the role of checkuser, and was the seed which
led to my belief that the oversight of checkuser processes currently doesn't
do enough to prevent wik-political misuse of the tool.

actually.. this gives me the welcome opportunity to reiterate where I see
the centre of this discussion;

Does it really matter if people are checkusered regularly, with a liberally
low bar, and the information garnered from such checks is shared between
friends and colleagues equally liberally?

I very much feel like I'm finding my feet at this list, so will lurk a bit
more now lest I run the risk of being placed on moderation for disruption...
this list is pretty heated, isn't it!

Peter,
PM.
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

On Sun, Aug 10, 2008 at 7:00 AM, David Gerard <dgerard@gmail.com> wrote:

> 2008/8/10 private musings <thepmaccount@gmail.com>:
>
> > ...I think we probably could work out way towards agreeing to disagree on
> > this one - but I also suspect there's some common ground hiding there
> > somewhere!
> > Yes - full openness surrounding the length of time IP data is stored for
> may
> > increase 'gamability' in some areas - it may also cause other unspoken,
> or
> > un-thought of problems.
> > The benefits to doing so are in my view a bit fuzzier and related to big
> > picture community health issues and an abstract concept of what's 'right'
> -
> > perhaps it'll suffice to say for now that I currently believe it would be
> a
> > net gain to be open, honest, and clear about this sort of stuff.
>
> It should be noted here that PM's opinions on the matter should be
> taken in the context of (a) having been thoroughly busted massively
> sockpuppeting on en:wp (b) at no stage accepting that he did anything
> wrong in doing so, and that there must be a problem with the checkuser
> procedures for him to have been caught.
>

Well, sure, he's experienced first hand the silliness of the whole system,
where people are secretly investigated for what are at worst minor rules
violations and then railroaded with the gathered up data all at once. It's
as though the police installed secret speed cameras, gathered up evidence of
your speeding over a period of several months, then suspended your license
and threw you in jail as a habitual traffic violator when you were convicted
of 7 counts of going 9 mph (14 kmph) over the speed limit.
_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l

private musings wrote:
> yup... I'm a bad little thing!
>
> ....this is an attempt at levity - David's comments could do with a bit of
> context - but yeah, people should be aware of my situation. I'm more than
> happy to chat about it if anyone wants to contact me - it's certainly what
> led me to look further into the role of checkuser, and was the seed which
> led to my belief that the oversight of checkuser processes currently doesn't
> do enough to prevent wik-political misuse of the tool.
>
> actually.. this gives me the welcome opportunity to reiterate where I see
> the centre of this discussion;
>
> Does it really matter if people are checkusered regularly, with a liberally
> low bar, and the information garnered from such checks is shared between
> friends and colleagues equally liberally?
>
> I very much feel like I'm finding my feet at this list, so will lurk a bit
> more now lest I run the risk of being placed on moderation for disruption...
> this list is pretty heated, isn't it!
>
> Peter,
> PM.
> _______________________________________________
> foundation-l mailing list
> foundation-l@lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>
While I don't presume to speak for the list moderators (not being one
and all), I can't imagine you're anywhere close to moderation here at
this time. Moderation tends to be used here for off-topic conversations
that won't die, conversations that are "over" but someone isn't letting
them die, excessive flaming, or in rare cases (usually connected to the
second), to stifle a conversation that is not welcome.

This thread as it exists now is none of those (though given a few more
days it probably will be).

-Dan

_______________________________________________
foundation-l mailing list
foundation-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l