checkuser

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

checkuser

The Uninvited Co., Inc
I believe that Nathan has handled most of the complaints himself.  I
have investigated a handful (3 or 4).  There have been no findings that
have led to anything being referred to the board of trustees.

There are some points of policy that are vague and should be clarified.

The first of these has already been brought up by others, which is
whether or not the commission should be investigating allegations of
abuse of the checkuser tool that are unrelated to privacy violations.
My sense is that it should not, except possibly in the case of smaller
wikis that do not have the governance systems in place to do this
themselves.  The language barriers are too hard to overcome and it isn't
possible for the commission to appreciate the nuances.

Another issue is that policy is silent on the release of derived data.
If someone releases the information that someone is "a user from
Chicago," or at a particular college, they have revealed partial
information derived from page logs about an individual user.  It's
unclear whether or when this is permitted.  We should be providing clear
guidance not only for the commission but for individual checkusers.

As awareness of the commission rises I think we should make it clear
that it is not an alternate venue for routine sock-related disputes.
Checkusers operating on various wikis should have the confidence to do
their jobs without worrying about being second-guessed by a commission
that is unfamiliar with the conventions of their home wiki and language.
 

The board of trustees approached me about the ombudsman role initially
and I would be happy to serve in that capacity if asked to do so again,
though it is not a role I particularly relish nor one that I would seek
out.

Steve/UC


_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: checkuser

Anthony-73
On 8/1/07, The Uninvited Co., Inc <[hidden email]> wrote:
> The first of these has already been brought up by others, which is
> whether or not the commission should be investigating allegations of
> abuse of the checkuser tool that are unrelated to privacy violations.

Aren't all allegations of abuse of the checkuser tool (other than by
developers) related to privacy violations?  The privacy policy says
that "When using a pseudonym, your IP address will not be available to
the public, but it will be stored on the wiki servers for a relatively
short amount of time. Thus it will be available to developers and may
be released under certain circumstances (see below)."

So if the checkuser was not a "developer", and the release didn't fall
under the reasons listed "below", then the release was a violation of
the privacy policy.

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: checkuser

Gregory Maxwell
In reply to this post by The Uninvited Co., Inc
On 8/1/07, The Uninvited Co., Inc <[hidden email]> wrote:
[snip]
> Another issue is that policy is silent on the release of derived data.
> If someone releases the information that someone is "a user from
> Chicago," or at a particular college, they have revealed partial
> information derived from page logs about an individual user.  It's
> unclear whether or when this is permitted.  We should be providing clear
> guidance not only for the commission but for individual checkusers.
[snip]

How is it unclear?

"When using a pseudonym, your IP address will not be available to the
public except in cases of abuse, including vandalism of a wiki page by
you or by another user with the same IP address. In all cases, your IP
address will be stored on the wiki servers and can be seen by
Wikimedia's server administrators and by users who have been granted
"CheckUser" access. Your IP address, and its connection to any
usernames that share it may be released under certain circumstances
(see below)."
...
"Policy on release of data derived from page logs

It is the policy of Wikimedia that personally identifiable data
collected in the server logs, or through records in the database via
the CheckUser feature, may be released by the system administrators or
users with CheckUser access, in the following situations:

   1. In response to a valid subpoena or other compulsory request from
law enforcement
   2. With permission of the affected user
   3. To the chair of Wikimedia Foundation, his/her legal counsel, or
his/her designee, when necessary for investigation of abuse
complaints.
   4. Where the information pertains to page views generated by a
spider or bot and its dissemination is necessary to illustrate or
resolve technical issues.
   5. Where the user has been vandalising articles or persistently
behaving in a disruptive way, data may be released to assist in the
targeting of IP blocks, or to assist in the formulation of a complaint
to relevant Internet Service Providers
   6. Where it is reasonably necessary to protect the rights, property
or safety of the Wikimedia Foundation, its users or the public.

Wikimedia policy does not permit public distribution of such
information under any circumstances, except as described above."

If there is abuse, data can be released. We can release any of our
logged data on your activity in the interest of protecting our site,
our users, or the public at large.

While we can release data when there is abuse we are not obligated to
release all data (except perhaps to authorities in some circumstances)
so instead we may release derived data when doing so is useful for the
protection of our site, it's users, or the public at large.

If there is no abuse then no data should be released.

Fundamentally the first questions asked when investigating a complaint
about checkuser and the privacy policy are: "Was a checkuser even
performed?" "Was data could only have been known from that checkuser
released?" and "Was there clear abuse by the party whos information
was released?".

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: checkuser

Anthony-73
Apparently http://en.wikipedia.org/wiki/Wikipedia:Privacy_policy
doesn't even have the right version of the policy.

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: checkuser

Gregory Maxwell
In reply to this post by Anthony-73
On 8/1/07, Anthony <[hidden email]> wrote:
>  The privacy policy says
> that "When using a pseudonym, your IP address will not be available to
> the public, but it will be stored on the wiki servers for a relatively
> short amount of time. Thus it will be available to developers and may
> be released under certain circumstances (see below)."

No it doesn't. It's an old version (>1year .. approx 2year old text).

Where did you find that?  Sounds like some page needs to be fixed.

The current text is as I quoted.

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: checkuser

Anthony-73
On 8/1/07, Gregory Maxwell <[hidden email]> wrote:

> On 8/1/07, Anthony <[hidden email]> wrote:
> >  The privacy policy says
> > that "When using a pseudonym, your IP address will not be available to
> > the public, but it will be stored on the wiki servers for a relatively
> > short amount of time. Thus it will be available to developers and may
> > be released under certain circumstances (see below)."
>
> No it doesn't. It's an old version (>1year .. approx 2year old text).
>
> Where did you find that?  Sounds like some page needs to be fixed.
>
Yeah, sorry, it was at
http://en.wikipedia.org/wiki/Wikipedia:Privacy_policy, which, well, is
a pretty obvious place to look!  (It did have a nice disclaimer that
"The official version of this policy is at Wikimedia:Privacy policy"
which I managed to ignore.)

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l
Reply | Threaded
Open this post in threaded view
|

Re: checkuser

David Gerard-2
In reply to this post by The Uninvited Co., Inc
On 02/08/07, The Uninvited Co., Inc <[hidden email]> wrote:

> Another issue is that policy is silent on the release of derived data.
> If someone releases the information that someone is "a user from
> Chicago," or at a particular college, they have revealed partial
> information derived from page logs about an individual user.  It's
> unclear whether or when this is permitted.  We should be providing clear
> guidance not only for the commission but for individual checkusers.


I do try to keep to the rule "if in doubt, say nothing" and advise
other checkers to do so.

OTOH, if someone is clearly doing bad things, too bad. Also, if they
are using their IP as a separate personality, that's what they get for
using their IP as a sockpuppet.


> The board of trustees approached me about the ombudsman role initially
> and I would be happy to serve in that capacity if asked to do so again,
> though it is not a role I particularly relish nor one that I would seek
> out.


Job finds you!!


- d.

_______________________________________________
foundation-l mailing list
[hidden email]
http://lists.wikimedia.org/mailman/listinfo/foundation-l