SlimVirgin and CheckUser leaks

classic Classic list List threaded Threaded
136 messages Options
1234 ... 7
Reply | Threaded
Open this post in threaded view
|

SlimVirgin and CheckUser leaks

David Katz-5
The thread at
http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuseris
very disturbing. SlimVirgin seems to have inside knowledge from the
Checkuser Logs of which users Lar has been running checks on. The only way
she could have obtained this knowledge is if there is either a leak on the
Checkuser-L list or if someone with access to the Checkuser logs told her.

What is being done to plug this leak? If it came from a CheckUser or
developer that person should be sacked immediately.

SV should be required to say how she got this information and if she refuses
she should be blocked until she becomes co-operative.

This sort of security breach is completely unacceptable and intolerable.

Dave
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Thomas Dalton
2008/7/19 David Katz <[hidden email]>:
> The thread at
> http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuseris
> very disturbing. SlimVirgin seems to have inside knowledge from the
> Checkuser Logs of which users Lar has been running checks on. The only way
> she could have obtained this knowledge is if there is either a leak on the
> Checkuser-L list or if someone with access to the Checkuser logs told her.

I don't think who's been running checks on who is considered private
information - it's the results of those checks that are covered by the
privacy policy. If someone with access to the logs thought there was
good reason to share part of them with SlimVirgin, then I think they
would be allowed to do so.

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

geni
In reply to this post by David Katz-5
2008/7/19 David Katz <[hidden email]>:

> The thread at
> http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuseris
> very disturbing. SlimVirgin seems to have inside knowledge from the
> Checkuser Logs of which users Lar has been running checks on. The only way
> she could have obtained this knowledge is if there is either a leak on the
> Checkuser-L list or if someone with access to the Checkuser logs told her.
>
> What is being done to plug this leak? If it came from a CheckUser or
> developer that person should be sacked immediately.
>
> SV should be required to say how she got this information and if she refuses
> she should be blocked until she becomes co-operative.
>
> This sort of security breach is completely unacceptable and intolerable.
>

There are half a dozen ways SV could have got the info. Online
everything leaks the various less public discussions speed that up
fractionally but not to any great extent.

This being the case I would suggest that the community is unlikely to
benefit from escalating this particular bit of drama.


--
geni

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Jon-146
In reply to this post by David Katz-5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Katz wrote:

> The thread at
> http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuseris
> very disturbing. SlimVirgin seems to have inside knowledge from the
> Checkuser Logs of which users Lar has been running checks on. The only way
> she could have obtained this knowledge is if there is either a leak on the
> Checkuser-L list or if someone with access to the Checkuser logs told her.
>
> What is being done to plug this leak? If it came from a CheckUser or
> developer that person should be sacked immediately.
>
> SV should be required to say how she got this information and if she refuses
> she should be blocked until she becomes co-operative.
>
> This sort of security breach is completely unacceptable and intolerable.
>
> Dave
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l

Yeah...... no.


There is a process for this, it is not however, blocking an editor until
they give us the information we want.  Inquisition?  This is not our values.

Instead...

Suspicion of abuses of CheckUser should be discussed by each local wiki.
On wikis with an approved ArbCom, the ArbCom can decide on the removal
of access. On wikis without an approved ArbCom, the community can vote
removal of access. Removal can only be done by Stewards. A Steward may
not decide to remove access on their own, but can help provide
information necessary to prove the abuse (such as logs). If necessary,
and in particular in case of lack of respect towards the privacy policy,
the Board of Wikimedia Foundation can be asked to declare removal of
access as well.

Complaints of abuse of CheckUser or privacy policy breaches may also be
brought to the Ombudsman committee.


3 options

Discussion
RFARb
Privacy Ombudsman.


Nowhere do I see "block the user till they speak".

Thanks,
Jon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiCNcsACgkQ6+ro8Pm1AtXEKACfUpY6Pa+T9CWfrXGagkKZIZfp
ayAAoKp2LFcWvh/1rvKQcr6/ZYZR8MMn
=i+fs
-----END PGP SIGNATURE-----

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Jon-146
In reply to this post by Thomas Dalton
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Dalton wrote:

> 2008/7/19 David Katz <[hidden email]>:
>> The thread at
>> http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuseris
>> very disturbing. SlimVirgin seems to have inside knowledge from the
>> Checkuser Logs of which users Lar has been running checks on. The only way
>> she could have obtained this knowledge is if there is either a leak on the
>> Checkuser-L list or if someone with access to the Checkuser logs told her.
>
> I don't think who's been running checks on who is considered private
> information - it's the results of those checks that are covered by the
> privacy policy. If someone with access to the logs thought there was
> good reason to share part of them with SlimVirgin, then I think they
> would be allowed to do so.
>
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l

Sections 5 and 6 of the privacy policy permit the release of CU
information to /admins/ for example for blocking and reporting.

http://wikimediafoundation.org/wiki/Privacy_policy#Policy_on_release_of_data_derived_from_page_logs

Best,
Jon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiCNjQACgkQ6+ro8Pm1AtVwbwCfS/RoLLouwprJ0sikiXJx+QoF
g+QAnjHb0rqLtODRuiJ4fsTZhDCg1WSS
=F+K5
-----END PGP SIGNATURE-----

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Josh Gordon-2
None of this really applies. No data derived from checkuser was released (at
least, from what's being said here); rather, the fact that a checkuser was
run was released. That's not in any way confidential information, nor is it
a release of privileged data. The _results_ of such a request are
privileged, though if someone asks me for the results of a checkuser run on
their own account, I'll tell them, assuming it does not release any
otherwise confidential information (for example, other unrelated users that
show up on the same dynamic IP.)

On Sat, Jul 19, 2008 at 11:45 AM, Jon <[hidden email]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thomas Dalton wrote:
> > 2008/7/19 David Katz <[hidden email]>:
> >> The thread at
> >>
> http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuseris
> >> very disturbing. SlimVirgin seems to have inside knowledge from the
> >> Checkuser Logs of which users Lar has been running checks on. The only
> way
> >> she could have obtained this knowledge is if there is either a leak on
> the
> >> Checkuser-L list or if someone with access to the Checkuser logs told
> her.
> >
> > I don't think who's been running checks on who is considered private
> > information - it's the results of those checks that are covered by the
> > privacy policy. If someone with access to the logs thought there was
> > good reason to share part of them with SlimVirgin, then I think they
> > would be allowed to do so.
> >
> > _______________________________________________
> > WikiEN-l mailing list
> > [hidden email]
> > To unsubscribe from this mailing list, visit:
> > https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
> Sections 5 and 6 of the privacy policy permit the release of CU
> information to /admins/ for example for blocking and reporting.
>
>
> http://wikimediafoundation.org/wiki/Privacy_policy#Policy_on_release_of_data_derived_from_page_logs
>
> Best,
> Jon
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkiCNjQACgkQ6+ro8Pm1AtVwbwCfS/RoLLouwprJ0sikiXJx+QoF
> g+QAnjHb0rqLtODRuiJ4fsTZhDCg1WSS
> =F+K5
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>



--
--jpgordon ∇∆∇∆
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

David Katz-5
In reply to this post by Jon-146
It certainly doesn't appear that SV was given this information so that she
could block or report the person on whom the CheckUser was run. Instead, it
appears that she was told so she could tip off the person.

Perhaps we should just have a policy where users against whom a checkuser is
run have the right to be informed rather than have a situation where you
only find out if your friends with someone who is the friend of a Checkuser
who leaks info.

On Sat, Jul 19, 2008 at 2:45 PM, Jon <[hidden email]>
wrote:Sections 5 and 6 of the privacy policy permit the release of CU
information to /admins/ for example for blocking and reporting.

http://wikimediafoundation.org/wiki/Privacy_policy#Policy_on_release_of_data_derived_from_page_logs

Best,
Jon
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Josh Gordon-2
On Sat, Jul 19, 2008 at 12:54 PM, David Katz <[hidden email]> wrote:

> It certainly doesn't appear that SV was given this information so that she
> could block or report the person on whom the CheckUser was run. Instead, it
> appears that she was told so she could tip off the person.
>

Maybe I'm not reading well. From where do you get the idea it was run on
anyone other than her?


--
--jpgordon ∇∆∇∆
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

David Katz-5
In reply to this post by David Katz-5
Do users have the right to be told if a checkuser has been run by them and
by whom? SlimVirgin seems to. Several years ago the fact that Kelly Martin
ran a check on her was leaked and maximum drama ensued. This year, SV was
informed that Lar ran a check on a friend of hers and again, drama.

Either all users should have the right to know if checks have been run on
them or none should. SV should not have special access to information just
because she has a friend who is a CheckUser and is willing to give her
information from the CheckUser log.

On Sat, Jul 19, 2008 at 3:54 PM, David Katz <[hidden email]> wrote:

> It certainly doesn't appear that SV was given this information so that she
> could block or report the person on whom the CheckUser was run. Instead, it
> appears that she was told so she could tip off the person.
>
> Perhaps we should just have a policy where users against whom a checkuser
> is run have the right to be informed rather than have a situation where you
> only find out if your friends with someone who is the friend of a Checkuser
> who leaks info.
>
> On Sat, Jul 19, 2008 at 2:45 PM, Jon <[hidden email]>
> wrote:Sections 5 and 6 of the privacy policy permit the release of CU
> information to /admins/ for example for blocking and reporting.
>
>
> http://wikimediafoundation.org/wiki/Privacy_policy#Policy_on_release_of_data_derived_from_page_logs
>
> Best,
> Jon
>
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

David Katz-5
In reply to this post by Josh Gordon-2
http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuser

"Well, perhaps other people ought to learn about it. And I wouldn't bank on
our mutual friend not being as pissed off about it as I am. Please don't
assume anything. SlimVirgin <http://en.wikipedia.org/wiki/User:SlimVirgin>
talk| <http://en.wikipedia.org/wiki/User_talk:SlimVirgin>edits<http://en.wikipedia.org/wiki/Special:Contributions/SlimVirgin>05:58,
17 July 2008 (UTC)"

Josh, someone doesn't usually refer to themselves as "our mutual friend".

On Sat, Jul 19, 2008 at 4:00 PM, Josh Gordon <[hidden email]>
wrote:

>
>
> Maybe I'm not reading well. From where do you get the idea it was run on
> anyone other than her?


>
>
> --
> --jpgordon ∇∆∇∆
> _______________________________________________
> WikiEN-l mailing list
> [hidden email]
> To unsubscribe from this mailing list, visit:
> https://lists.wikimedia.org/mailman/listinfo/wikien-l
>
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Josh Gordon-2
On Sat, Jul 19, 2008 at 1:06 PM, David Katz <[hidden email]> wrote:

>
> http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Incidents/Tony_Sidaway#Break:_checkuser
>
> "Well, perhaps other people ought to learn about it. And I wouldn't bank on
> our mutual friend not being as pissed off about it as I am. Please don't
> assume anything. SlimVirgin <http://en.wikipedia.org/wiki/User:SlimVirgin>
> talk| <http://en.wikipedia.org/wiki/User_talk:SlimVirgin>edits<
> http://en.wikipedia.org/wiki/Special:Contributions/SlimVirgin>05:58,
> 17 July 2008 (UTC)"
>
> Josh, someone doesn't usually refer to themselves as "our mutual friend".
>
> On Sat, Jul 19, 2008 at 4:00 PM, Josh Gordon <[hidden email]>
> wrote:
>
> >
> >
> > Maybe I'm not reading well. From where do you get the idea it was run on
> > anyone other than her?
>

Ah, I see. So there was an offsite request (not uncommon, I process those
frequently) to checkuser SlimVirgin and some other editor; a checkuser
decided it was a justified request and ran the check; and another checkuser
told SlimVirgin she'd been the target of a checkuser along with another
editor.

So what?

SlimVirgin might have grounds for complaint if the tool was used improperly;
I don't know one way or another. But nobody has grounds to complain that she
was told that she was the target of a checkuser. Whether she has the right
to know who requested the checkuser is a fuzzier question; I wouldn't mind
if there was a policy that a person may ask and automatically be told if and
why she was checked. I'll generally not reveal the "why" information myself,
especially if a check comes up without any useful information; it would just
exacerbate drama.

--
--jpgordon ∇∆∇∆
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Sarah-128
In reply to this post by Jon-146
On 7/19/08, Jon <[hidden email]> wrote:
>  Complaints of abuse of CheckUser or privacy policy breaches may also be
>  brought to the Ombudsman committee.

No, in fact only privacy policy breaches can be brought to the
Ombudsman committee. There is no process, as I understand it, for
dealing with checkuser misuse, except taking it to a full ArbCom
hearing, which is why no complaint was brought against Lar, the
checkuser in this case. The editor and two admins who were
checked-usered by him, and I was one of them, didn't have the time or
energy to start an ArbCom case over it.

Someone asked how I knew about this. I was told by one of the people
Lar checkusered, whom he told about it himself, then I was also told
by a sitting member of ArbCom. People who have been checked are
allowed to be told about it under the policy: "Notification to the
account that is checked is permitted but is not mandatory."
http://meta.wikimedia.org/wiki/Checkuser#Use_of_the_tool

There are editors who have argued that it should be mandatory, a view
I'm increasingly coming around to myself.

Sarah

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

David Gerard-2
2008/7/19 SlimVirgin <[hidden email]>:

> No, in fact only privacy policy breaches can be brought to the
> Ombudsman committee. There is no process, as I understand it, for
> dealing with checkuser misuse, except taking it to a full ArbCom
> hearing, which is why no complaint was brought against Lar, the
> checkuser in this case. The editor and two admins who were
> checked-usered by him, and I was one of them, didn't have the time or
> energy to start an ArbCom case over it.


It would and should be rejected.


> There are editors who have argued that it should be mandatory, a view
> I'm increasingly coming around to myself.


So, tell me: what is the violation you feel you have been subjected
to? Use as many words as you feel you need to.


- d.

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Sarah-128
In reply to this post by David Katz-5
On 7/19/08, David Katz <[hidden email]> wrote:
> It certainly doesn't appear that SV was given this information so that she
>  could block or report the person on whom the CheckUser was run. Instead, it
>  appears that she was told so she could tip off the person.

You've misunderstood what happened. I was told -- told, not "tipped
off" -- about the checkuser because I was one of the people Lar
checked. That is allowed under the policy.

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Josh Gordon-2
In reply to this post by Sarah-128
On Sat, Jul 19, 2008 at 1:50 PM, SlimVirgin <[hidden email]> wrote:

> There are editors who have argued that it should be mandatory, a view
> I'm increasingly coming around to myself.
>

I think I'm beginning to agree with you myself. But then, it wouldn't be
right to publicly do this, and I'd venture that the vast majority of
checkuser subjects have no legitimate email address to tell privately.


--
--jpgordon ∇∆∇∆
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Sarah-128
In reply to this post by David Gerard-2
On 7/19/08, David Gerard <[hidden email]> wrote:

> 2008/7/19 SlimVirgin <[hidden email]>:
>
>
>  > No, in fact only privacy policy breaches can be brought to the
>  > Ombudsman committee. There is no process, as I understand it, for
>  > dealing with checkuser misuse, except taking it to a full ArbCom
>  > hearing, which is why no complaint was brought against Lar, the
>  > checkuser in this case. The editor and two admins who were
>  > checked-usered by him, and I was one of them, didn't have the time or
>  > energy to start an ArbCom case over it.
>
>
>
> It would and should be rejected.

Perhaps we should submit one and see.

There was no reason at all to check the first account(s) that Lar
checked. If you know some of the details of the case, and I assume you
do (though I also know you don't know all of them), you'll know that
he had no grounds *whatsoever* to perform the first check, or the
second, but it was assumed and hoped that both checks might lead to
me. He performed the check upon the private request of a troublemaker
who has been harassing me for over a year.

Both the first and second editor were affected by this. The first
abandoned the checked accounts because Lar is not trusted. The second
editor began to wind down his or her involvement in Wikipedia, as did
I to a lesser degree.

I find your attitude worrying. The Ombudsman committee cannot hear the
case because they don't cover checkuser misuse. And you say the ArbCom
*should* not hear it. So there is nothing left to curb this kind of
behavior, despite this person's involvement with Wikipedia Review.

I have no problem with people being checked randomly by anyone. In
fact, if that's the de facto situation, why not give everyone access
to checkuser and allow it to be used wily nily?

But if you're going to pretend to editors that they are checks and
balances on the use of it -- and so long as the policy on meta gives
that impression -- there needs to be a protection mechanism, or at
least peer pressure from other checkusers, and at the moment, we have
neither.

Sarah

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Sarah-128
In reply to this post by Josh Gordon-2
On 7/19/08, Josh Gordon <[hidden email]> wrote:

> On Sat, Jul 19, 2008 at 1:50 PM, SlimVirgin <[hidden email]> wrote:
>
>  > There are editors who have argued that it should be mandatory, a view
>  > I'm increasingly coming around to myself.
>  >
>
>
> I think I'm beginning to agree with you myself. But then, it wouldn't be
>  right to publicly do this, and I'd venture that the vast majority of
>  checkuser subjects have no legitimate email address to tell privately.

I'm thinking of a policy that says anyone who asks whether they've
been checkusered must be told whether, why, and by whom, if they make
the request within six months of the check. The request must come from
the e-mail address the editor has added to their Wikipedia
preferences. They may only ask whether that particular account has
been checked. They need not be told the results of the check, in case
that inadvertently implicates someone else, though they may be told it
if no one else is involved.

We could build in a grandfather clause so that this doesn't apply
retroactively. That would protect current checkusers who had performed
checks without knowing the information might become public.

Sarah

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Josh Gordon-2
On Sat, Jul 19, 2008 at 2:10 PM, SlimVirgin <[hidden email]> wrote:

> On 7/19/08, Josh Gordon <[hidden email]> wrote:
> > On Sat, Jul 19, 2008 at 1:50 PM, SlimVirgin <[hidden email]>
> wrote:
> >
> >  > There are editors who have argued that it should be mandatory, a view
> >  > I'm increasingly coming around to myself.
> >  >
> >
> >
> > I think I'm beginning to agree with you myself. But then, it wouldn't be
> >  right to publicly do this, and I'd venture that the vast majority of
> >  checkuser subjects have no legitimate email address to tell privately.
>
> I'm thinking of a policy that says anyone who asks whether they've
> been checkusered must be told whether, why, and by whom, if they make
> the request within six months of the check. The request must come from
> the e-mail address the editor has added to their Wikipedia
> preferences. They may only ask whether that particular account has
> been checked. They need not be told the results of the check, in case
> that inadvertently implicates someone else, though they may be told it
> if no one else is involved.
>
> We could build in a grandfather clause so that this doesn't apply
> retroactively. That would protect current checkusers who had performed
> checks without knowing the information might become public.
>

I'd support that. The "why" doesn't have to include the identity of the
person who requested the check. I don't have any particular reason to think
that checkusers have any right to expect that their activities will not be
reported to the targets of the checks, but I guess such a clause would be
drama reducing.




--
--jpgordon ∇∆∇∆
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Thomas Dalton
In reply to this post by Sarah-128
> I'm thinking of a policy that says anyone who asks whether they've
> been checkusered must be told whether, why, and by whom, if they make
> the request within six months of the check. The request must come from
> the e-mail address the editor has added to their Wikipedia
> preferences. They may only ask whether that particular account has
> been checked. They need not be told the results of the check, in case
> that inadvertently implicates someone else, though they may be told it
> if no one else is involved.

Sounds good to me. I'm not 100% it's necessary to be told who did,
since that could cause checkusers to become targets. If you find out
you've been checkusered and don't think the reason was good enough,
you can file an ArbCom case (the checkuser in question can make an
anonymous statement) and if it's decided the check wasn't warranted,
then the checkuser is revealed (and de-checkusered). I don't know if
that's really necessary, though, we don't allow anonymity for other
privileged actions. I'm not sure if the reason is currently logged -
if this policy is implemented, a reason should be required when the
checkuser is performed. Giving a reason afterwards lends itself to
abuse.

> We could build in a grandfather clause so that this doesn't apply
> retroactively. That would protect current checkusers who had performed
> checks without knowing the information might become public.

The policy on when you can and can't run a checkuser hasn't changed,
so I'm not sure a grandfather clause is necessary, but it could be
included if it's necessary to get the policy accepted.

_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
Reply | Threaded
Open this post in threaded view
|

Re: SlimVirgin and CheckUser leaks

Josh Gordon-2
On Sat, Jul 19, 2008 at 2:19 PM, Thomas Dalton <[hidden email]>
wrote:

> I'm not sure if the reason is currently logged -
> if this policy is implemented, a reason should be required when the
> checkuser is performed. Giving a reason afterwards lends itself to
> abuse.


 A reason is logged, if it is provided. I'll admit I don't enter a reason
for a lot of the cases that I process that involve, for example, Grawp
socks. It could easily be made mandatory, at the cost of making the process
more annoying than it already is. An exhaustive checkuser search of a sock
farm can take hundreds of checks, and the tools, as powerful as they are,
have a pretty primitive interface. But there's no technical cause that
reasons can't be mandatory.

--
--jpgordon ∇∆∇∆
_______________________________________________
WikiEN-l mailing list
[hidden email]
To unsubscribe from this mailing list, visit:
https://lists.wikimedia.org/mailman/listinfo/wikien-l
1234 ... 7