Mailing List Archive

I think the log of CheckUser usage must be public; there is no otherwise no
check on abuse.

Jack Lutz (jack-lutz@comcast.net) [050412 14:10]:

> I think the log of CheckUser usage must be public; there is no otherwise no
> check on abuse.


Unfortunately, that will give everyone a damn good idea of what people's
IPs are. At present, all access show on the page, so Tim and I can see what
each other have accessed. (He's used it precisely twice, to test it ;-)


- d.

David Gerard wrote:
> Jack Lutz (jack-lutz@comcast.net) [050412 14:10]:
>
>
>>I think the log of CheckUser usage must be public; there is no otherwise no
>>check on abuse.
>
>
>
> Unfortunately, that will give everyone a damn good idea of what people's
> IPs are. At present, all access show on the page, so Tim and I can see what
> each other have accessed. (He's used it precisely twice, to test it ;-)

I put the log in a flat file on NFS
(/home/wikipedia/logs/checkuser.log), partly to make it easy for
suspicious developers to check up on what the users have been doing with
it. So it's not just two people overseeing each other. I'd prefer it if
more people could view the log, but for privacy reasons we can't make it
public at this stage. If there's sufficient demand, we could probably
make partial logs available -- say, just the usernames but not the IP
addresses.

-- Tim Starling

Tim Starling (t.starling@physics.unimelb.edu.au) [050412 22:40]:
> David Gerard wrote:
> > Jack Lutz (jack-lutz@comcast.net) [050412 14:10]:

> >>I think the log of CheckUser usage must be public; there is no otherwise no
> >>check on abuse.

> > Unfortunately, that will give everyone a damn good idea of what people's
> > IPs are. At present, all access show on the page, so Tim and I can see what
> > each other have accessed. (He's used it precisely twice, to test it ;-)

> I put the log in a flat file on NFS
> (/home/wikipedia/logs/checkuser.log), partly to make it easy for
> suspicious developers to check up on what the users have been doing with
> it. So it's not just two people overseeing each other. I'd prefer it if
> more people could view the log, but for privacy reasons we can't make it
> public at this stage. If there's sufficient demand, we could probably
> make partial logs available -- say, just the usernames but not the IP
> addresses.


I can see the creatively antisocial trying to use that as a point against
other editors they are in combat with.


- d.

Simply from a technical point of view, the wide use of this tool as it
is currently implemented would probably involve synchronization issues
resulting in the corruption of the log (I had a similar experience
with the paypal donations script I've worked on).

On Apr 12, 2005 8:39 AM, Tim Starling <t.starling@physics.unimelb.edu.au> wrote:
*SNIP*
> I put the log in a flat file on NFS
> (/home/wikipedia/logs/checkuser.log)
*SNIP*
>
> -- Tim Starling
*SNIP*

--
Michael Becker

David Gerard a écrit:
> Tim Starling
(t.starling@physics.unimelb.edu.au) [050412
22:40]:

>>>Unfortunately, that will give everyone a damn good idea of what people's
>>>IPs are. At present, all access show on the page, so Tim and I can
see what
>>>each other have accessed. (He's used it precisely twice, to test it ;-)
>>
>
>
>>I put the log in a flat file on NFS
>>(/home/wikipedia/logs/checkuser.log), partly to make it easy for
>>suspicious developers to check up on what the users have been doing with
>>it. So it's not just two people overseeing each other. I'd prefer it if
>>more people could view the log, but for privacy reasons we can't make it
>>public at this stage. If there's sufficient demand, we could probably
>>make partial logs available -- say, just the usernames but not the IP
>>addresses.
>
>
>
> I can see the creatively antisocial trying to use that as a point against
> other editors they are in combat with.
>
>
> - d.

I would not support any such list to be public. It seems to me that
bringing public suspicion over someone is already a bit condemning him.
This is not wikilove at all, and prone to further heat conflicts.

Another solution could simply be to name two people ombudsmen over this
topic. We should choose two people trusted by the community, BUT
generally out of usual cabalistic discussions. Rather quiet and discreet
people, not involved in current internal politics. These are most likely
to be independant from those with the right to check the ips.

Ant

Milos Rancic a écrit:
> Even small community, Serbian Wikipedia has potentail for such need.
> However, I don't think that we need to have person with such
> privileges, but I would like to have possibility to ask some steward
> for that, not some busy developer. Also, I suppose that larger
> communities need persons with such privlieges.

Stewards are also very busy ;-)

Ant

Anthere (anthere9@yahoo.com) [050418 03:24]:
> David Gerard a écrit:
> > Tim Starling

> >>it. So it's not just two people overseeing each other. I'd prefer it if
> >>more people could view the log, but for privacy reasons we can't make it
> >>public at this stage. If there's sufficient demand, we could probably
> >>make partial logs available -- say, just the usernames but not the IP
> >>addresses.

> > I can see the creatively antisocial trying to use that as a point against
> > other editors they are in combat with.

> I would not support any such list to be public. It seems to me that
> bringing public suspicion over someone is already a bit condemning him.
> This is not wikilove at all, and prone to further heat conflicts.


Precisely.


> Another solution could simply be to name two people ombudsmen over this
> topic. We should choose two people trusted by the community, BUT
> generally out of usual cabalistic discussions. Rather quiet and discreet
> people, not involved in current internal politics. These are most likely
> to be independant from those with the right to check the ips.


That's a good idea! Add it to [[m:CheckUser]] ;-)

Since the community hasn't added much that's solid or elegant in the way of
guidelines for my non-dev use of the function, I plan to add outlines for
my future use of the function to m:CheckUser and see who screams. Something
along the lines of "any strong suspicion of sockpuppetry to violate ArbCom
ban or restriction" as well as the current criterion I use, which is
"well-founded suspicion of sockpuppetry in current ArbCom case" or similar.
And see who screams and how loud.


- d.

>
> I would not support any such list to be public. It seems to me that
> bringing public suspicion over someone is already a bit condemning him.
> This is not wikilove at all, and prone to further heat conflicts.
>
> Another solution could simply be to name two people ombudsmen over this
> topic. We should choose two people trusted by the community, BUT
> generally out of usual cabalistic discussions. Rather quiet and discreet
> people, not involved in current internal politics. These are most likely
> to be independant from those with the right to check the ips.
>
> Ant
>
Secrecy checked by more secrecy. This is going in the wrong direction.
A user should be notified some way when they are targeted for
investigated.

>
>That's a good idea! Add it to [[m:CheckUser]] ;-)
>
>Since the community hasn't added much that's solid or elegant in the way of
>guidelines for my non-dev use of the function, I plan to add outlines for
>my future use of the function to m:CheckUser and see who screams. Something
>along the lines of "any strong suspicion of sockpuppetry to violate ArbCom
>ban or restriction" as well as the current criterion I use, which is
>"well-founded suspicion of sockpuppetry in current ArbCom case" or similar.
>And see who screams and how loud.
>
>
>
This is difficult. It could only be implemented for the english pedia.
As it would be impossible for say someone from the Japanese pedia to run
for this as he/she would be unknown outside their own projects. This is
also the reason why the vote for boardmembers will result most probably
in two people from en.wikipedia being choosen.

Waerth/Walter

Puddl Duk a écrit:
>>I would not support any such list to be public. It seems to me that
>>bringing public suspicion over someone is already a bit condemning him.
>>This is not wikilove at all, and prone to further heat conflicts.
>>
>>Another solution could simply be to name two people ombudsmen over this
>>topic. We should choose two people trusted by the community, BUT
>>generally out of usual cabalistic discussions. Rather quiet and discreet
>>people, not involved in current internal politics. These are most likely
>>to be independant from those with the right to check the ips.
>>
>>Ant
>>
>
> Secrecy checked by more secrecy. This is going in the wrong direction.
> A user should be notified some way when they are targeted for
> investigated.


I did not imply that the user should not know. I think he should probably.

However, I do not think the other editors should know.

In many countries, a person is considered not guilty until convinced of
a crime. Now, we know better than that. Practically, when the police
starts looking suspiciously to someone, the neighbours get suspicious as
well.

On 4/17/05, Anthere <anthere9@yahoo.com> wrote:
>
>
> Puddl Duk a écrit:
> >>I would not support any such list to be public. It seems to me that
> >>bringing public suspicion over someone is already a bit condemning him.
> >>This is not wikilove at all, and prone to further heat conflicts.
> >>
> >>Another solution could simply be to name two people ombudsmen over this
> >>topic. We should choose two people trusted by the community, BUT
> >>generally out of usual cabalistic discussions. Rather quiet and discreet
> >>people, not involved in current internal politics. These are most likely
> >>to be independant from those with the right to check the ips.
> >>
> >>Ant
> >>
> >
> > Secrecy checked by more secrecy. This is going in the wrong direction.
> > A user should be notified some way when they are targeted for
> > investigated.
>
> I did not imply that the user should not know. I think he should probably.
>

Yes, I agree. My suggestion on
http://meta.wikimedia.org/wiki/CheckUser accounts for this.

> However, I do not think the other editors should know.
>
> In many countries, a person is considered not guilty until convinced of
> a crime. Now, we know better than that. Practically, when the police
> starts looking suspiciously to someone, the neighbours get suspicious as
> well.
>

Also, with regards to Wikipedia, if editors don't know for sure that
their account information is private then they are less likely to
write honestly about government, politics, the company they work at,
etc.

Whereas if an editor knows they will receive notification when someone
looks into their ip address, then they can have confidence in the
transparency and accountability of our privacy policy.

As I mentioned on this list a couple of weeks ago,
[[Special:CheckUser]] allows a user with "checkuser" permissions to
check the IP address of a logged in user in order to investigate abuse
or check for "sockpuppetting".

Thanks to everyone who gave feedback on this at
<http://meta.wikimedia.org/wiki/CheckUser> or on the mailing list. The
majority of people commenting there thought the feature should be made
more widely available. However, there was little agreement on who
should be given access to the feature or to the logs.

Currently, only David Gerard and Tim Starling have access to this
feature. David pointed out that he barely uses it, and that its
availability to the English Arbitration Committee has been
controversial. He felt the issue is less "who should have access" than
"what circumstances justify checking?". See [[meta:CheckUser]] for
details on how David is currently using it. Tim starling suggested two
guidelines on the mailing list; only research bad people and do not
give away IP addresses unless it's necessary.

There was general agreement on making CheckUser more widely available,
but many thought this should only be done with restrictions, limits
and/or penalties. There were mixed views on who should be given access
to it, with suggestions including sysops, bureaucrats, bureaucrats of
the larger wikis, stewards, or something between one and three elected
users per project. Some felt people should use it only on their own
project. There was no general agreement on whether it should be
limited to stewards.

The most contentious question was whether the user being checked
should be notified about the check. Some people felt very strongly
that they should, but there were also many arguments against doing
this. See [[meta:CheckUser]] for full details. Some felt that, not
only should the checked user be told, but that the logs should be
public. Anthere suggested ombudsmen should be appointed to oversee the
use of it.

David Gerard added a question about which circumstances merit
checking. Two people said that there must be reasonable cause for it.
Guidelines such as requiring another user request it so it can't be
used for personal reasons, and using it only as a last resort, were
also suggested. One person felt the user that is checked has to
approve.

If anyone else would like to add to these comments, please do so at
<http://meta.wikimedia.org/wiki/CheckUser> so that decisions can be
made about how this feature should be used, and who should be able to
use it.

Thanks.

Angela.