To be honest the biggest problem is that releasing this information can
hurt quite a lot. It can give away the techniques the checkuser (or
checkusers, more then one working together is very common to make sure
they're right) used to draw the connections. This is especially true for
technical information where it can easily give away 'tell-tale' signs used
as part of the determination.
Almost every time I've ever seen the information demanded it was quite
clear (usually even with out any type of technical information) that the
user was guilty as charged and now they just wanted one of those two
things: A target (the CU) or the information (to find out where they went
wrong).
Yes, if a horrible checkuser was checking you you wouldn't know instantly
but that's why we have so many checks and balances. Giving all of this
information to everyone, especially automatically, would make it almost
infinitely harder for checkusers to do their job.
James
On Wed, Jun 13, 2012 at 6:30 PM, John <phoenixoverride(a)gmail.com> wrote:
Risker comment was basically "lets not set a
global accountability and
ability to get CU related logs of our self on a global level, instead take
it to each project and fight it out there" to me that reeks of obfuscation.
Realistically this should be a global policy, just like our privacy policy
is. Why shouldnt users know when they have been checkusered and why?
On Wed, Jun 13, 2012 at 9:24 PM, Philippe Beaudette, Wikimedia Foundation <
pbeaudette(a)wikimedia.org> wrote:
I dunno, John, you almost had me convinced until
that email. I saw in
that
mail a reasonable comment from Risker based on
long time precedent.
As you may know, there are a number of checks and balances in place.
First, the CUs watch each other. With a broad group, you can be assured
they don't all always agree and there is healthy debate and dialogue.
Second, enwp has an audit subcommittee that routinely audits the logs
with
a fine toothed comb. They are NOT all previous
checkusers, to avoid the
sort of groupthink that appears to concern you. Then, the WMF has an
ombudsman commission, which also may audit with commission from the
Board.
Those people take their role very seriously. And
last, anyone with
genuine
privacy concerns can contact the WMF: me,
Maggie, anyone in the legal or
community advocacy department.
Is it an iron clad assurance of no misbehavior? Probably not, and we
will
continue to get better at it: but I will say that
in 3 years of being
pretty closely involved with that team, I'm impressed with how much they
err on the side of protection of privacy. I have a window into their
world,
and they have my respect.
Best, PB
-----------------------
Philippe Beaudette
Director, Community Advocacy
Wikimedia Foundation, Inc
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: John <phoenixoverride(a)gmail.com>
Sender: wikimedia-l-bounces(a)lists.wikimedia.org
Date: Wed, 13 Jun 2012 21:17:09
To: Wikimedia Mailing List<wikimedia-l(a)lists.wikimedia.org>
Reply-To: Wikimedia Mailing List <wikimedia-l(a)lists.wikimedia.org>
Subject: Re: [Wikimedia-l] CheckUser openness
Yet another attempt from a checkuser to make monitoring their actions and
ensuring our privacy more difficult.
On Wed, Jun 13, 2012 at 9:10 PM, Risker <risker.wp(a)gmail.com> wrote:
> Each project has its own standards and thresholds for when checkusers
may
> be done, provided that they are within the
limits of the privacy
policy.
> These standards vary widely. So, the
correct place to discuss this is
on
> each project.
>
> Risker
>
> On 13 June 2012 21:02, Thomas Dalton <thomas.dalton(a)gmail.com> wrote:
>
> > Why shouldn't spambots and vandals be notified? Just have the
software
> > automatically email anyone that is
CUed. Then the threshold is simply
> > whether you have an email address attached to your account or not.
> >
> > This seems like a good idea. People have a right to know what is
being
> done
> > with their data.
> > On Jun 14, 2012 12:35 AM, "Risker" <risker.wp(a)gmail.com>
wrote:
> >
> > > On 13 June 2012 19:18, John <phoenixoverride(a)gmail.com> wrote:
> > >
> > > > This is something that has been bugging me for a while. When a
user
> has
> > > > been checkusered they should at least be notified of who
preformed
it
> > and
> > > > why it was preformed. I know this is not viable for every single
CU
> >
action
> > > as many are for anons. But for those users who have been around
for
a
> > > > period, (say autoconfirmed) they should be notified when they are
> CU'ed
> > > and
> > > > any user should be able to request the CU logs pertaining to
> themselves
> > > > (who CU'ed them, when, and why) at will. I have seen CU's
refuse
to
> >
provide
> > > information to the accused.
> > >
> > > See the Rich Farmbrough ArbCom case where I suspect obvious
fishing,
> > where
> > > the CU'ed user was requesting information and the CU claimed it
would
> be
> > a
> > > violation of the privacy policy to release the
time/reason/performer
of
> > the
> > > checkuser.
> > >
> > > This screams of obfuscation and the hiding of information. I know
the
> >
ombudsman committee exists as a check and balance, however before
> something
> > can be passed to them evidence of inappropriate action is needed.
Ergo
> > > Catch-22
> > >
> > > I know checkusers keep a private wiki
> > >
https://checkuser.wikimedia.org/wiki/Main_Page and I know
according
to
> > our
> > > privacy policy we are supposed to purge our information regularly
(on
> > > wiki
> > > > CU logs exist for 90 days) however who oversees the regular
removal
> of
> > > > private information on the wiki?
> > > >
> > > > My proposal would be for all users who are at least auto
confirmed
to
> > be
> > > > notified and be able to request all CU logs regarding themselves
at
any
> > > point, and any mentions of themselves on the CU wiki should be
> > retrievable.
> > >
> > >
> > >
> > Perhaps some full disclosure should be made here John. You are a
> checkuser
> > yourself, have access to the checkuser-L mailing list and the
checkuser
> > wiki, helped to set up the Audit
Subcommittee on the English
Wikipedia
> > > (which carries out reviews of checkuser/oversighter actions on
> request);
> > > you are also a member of the English Wikipedia functionaries
mailing
list
> > because you are a former arbitrator, a checkuser and an oversighter
on
> > enwp. (so have access there to express
your concerns or suggest
changes
> > in
> > > standards), It seems you are complaining about a specific case,
and
> >
instead of talking things out about this specific case, you've
decided
> to
> > > propose an entirely different checkusering standard. I'll point
out
in
> > passing that half of the spambots blocked in recent weeks by
checkusers
> > > were autoconfirmed on one or more projects, and even obvious
vandals
> can
> > > hit the autoconfirmed threshold easily on most projects.
> > >
> > > Full disclosure on my part: I am also an Enwp checkuser and a
member
of
> the
> > Arbitration Committee.
> >
> > Risker
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l(a)lists.wikimedia.org
> > Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> > >
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l(a)lists.wikimedia.org
> > Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
_______________________________________________
Wikimedia-l mailing list
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
_______________________________________________
Wikimedia-l mailing list
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
_______________________________________________
Wikimedia-l mailing list
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
_______________________________________________
Wikimedia-l mailing list
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe:
https://lists.wikimedia.org/mailman/listinfo/wikimedia-l