[Foundation-l] Stewards are ignoring requests for CheckUser information?

Robert Scott Horning robert_horning at netzero.net
Sun Apr 16 14:13:25 UTC 2006 

Essjay wrote:

>I don't know that the issue that concerns me is the same that concerns 
>the Foundation, but I know what scares the hell out of me about 
>Checkuser is this:
>
>We have users from all over the world. Not all of them live in countries 
>where their safety is guaranteed; there are, most assuredly, editors 
>from regimes where if their personal information was discovered, they 
>could be imprisoned and perhaps even killed. That terrifies me, because 
>I don't want anybody dying over Wikipedia, nor do I want them to end up 
>in prison. If checkuser falls into the wrong hands (I'm no conspiracy 
>theorist, but I don't think it's too hard to imagine foreign governments 
>wanting to hunt down our contributors; after all, at least two have 
>blocked us flat out already), the result could literally be a matter of 
>life and death. *Life and death.*
>
>Some people have advocated granting checkuser liberally, and I disagree 
>strongly with that; I'm not even particularly comfortable with the idea 
>of it being election-based at all, although I trust the Board, and I 
>don't believe they would have allowed for local elections if they 
>weren't convinced it was safe. I do think, however, that it should be 
>kept to as few users as possible, whether that means having guest 
>checkusers as Kelly & I have advocated, or whether it means some  other 
>system. I for one am certainly willing to perform checks for other 
>projects (indeed, I offered to do so for Wikisource), and I am sure that 
>some of the others would as well (Kelly has already stated her 
>willingness to do so).
>
>As I said, I can't say that the dire scenario I laid out above is what 
>the Board has in the back of their minds when thinking about checkuser, 
>but I certainly know it is what is in mine. I really don't want to turn 
>on CNN some morning and see "[Insert country here] dissident 
>assassinated after link to Wikipedia discovered."
>
>Essjay
>
>  
>
You mean to tell me that if you are using the internet in China (or 
Saudi Arabia, Iran, Syria, or North Korea), that the government of those 
countries has no clue about not only what IP address you are using, but 
also what websites you are accessing?  I am telling you that regardless 
of where you are from, the government is going to know not only the 
activities that you do within that country, but most major governments 
will be capable of monitoring their citizens that are living outside of 
their countries as well.  It isn't that difficult of a task, and nothing 
that the Wikimedia Foundation could do, including deliberate deleting of 
all logs is going to change that.  The checkuser information in 
particular is not going to stop any government (or even corporate 
monitoring... as in your immediate supervisor could do this as well) 
from being able to find out what your on-line activites have been.

I fail to see how checkuser information falling into the wrong hands is 
going to cause a problem in this situation.  Really.  If a government 
entity wants to find out that User:Chinese_Protestor who has posted over 
2000 edits in zh.wikipedia is actually using a certain internet cafe in 
downtown Beijing, they don't need to have access to the checkuser 
facilities to find that information out, nor to even identify exactly 
who that user is.  I don't even need to do that if I really cared to 
find out who that person is.  On top of that, how can you be absolutely 
sure that some user that is a "trusted user" by whatever standard you 
are discussing isn't already a steward, but also a government agent who 
is using the checkuser access to monitor dissidents?  And won't be in 
the future?

Furthermore, as I was pointing out, the information actually given out 
by checkuser status is practically nothing anyway.  It is not giving out 
"personally identifying information", just an IP address.  And not an IP 
address for what they were looking at, but only what they were doing 
when they did their last edit.  Yes, in theory you could contact the 
ISP, and if their own logs for IP addresses had personally identifying 
information, it could be a chain of evidence to link to a particular 
individual, but even in this situation for most countries it would 
require going into the legal process to get that information.  For 
governments this is a no-brainer and they would get it even if you tried 
to block it.  Besides, official Wikimedia policy grants access to this 
information to governments, so you aren't protected anyway.

Show me exactly how having specifically this tool is going to endanger 
anybody's life where they wouldn't already be in danger before?

And mind you, I'm not advocating that this tool be available to any user 
under any circumstances.  I'm just pointing out that by any reasonable 
definition of whom you call a trusted user for access to checkuser 
privileges you are also likely to grant them bureaucratship as well, and 
possibly adminship only.  The only reason why somebody would have 
checkuser privileges on a local project and not also bureaucratship is 
because they don't want to deal with the hassles of being an 
administrator and have repeatedly turned down the nomination when 
offered to them.  I fail to see under what higher standard you are 
possibly using to justify why somebody should be a checkuser and not be 
given full bureaucrat privileges, or the other way around.  If they 
can't be trusted with checkuser privileges, why are they given 
bureaucrat privileges?  I'm also pointing out that the issue is scalable 
as well, and that it is highly unlikely that the chinese protestor given 
in the above example is going to be editing on the Maori language 
Wikibooks.  On these smaller projects, the potential to do damage is 
going to be considerably less as well even from this more limited 
perspective.

BTW, If you are willing to perform a checkuser scan, can you help me out 
with, and block the IP address of [[b:User:Bruude]]?  There is a 
particularly vicious vandal going through Wikibooks right now, and it 
would be appreciated if we could get some help trying to track him down 
and stopping this user.  This is one of the kinds of requests that 
having somebody local with checkuser privileges would be incredibly 
helpful over, but the apparent policy is such that we can't have the 
apparent benefits of trying to stop idiots like this particular user who 
is now deliberately attacking administrators directly, since we've 
thwarted all of his previous attempts to vandalize the project.  By not 
giving us access to these reasonable and legitimate uses of this tool, 
it is making our job at helping out the projects all that much harder. 
 The whole point to this thread is that this sort of assistance from 
users like yourself is not forthcomming and we need to take these 
matters into our own hands if we want this level of assistance.

-- 
Robert Scott Horning

More information about the foundation-l mailing list