[Foundation-l] (volunteer) job position : Ombudsperson checkuser (or checkuser Ombudsperson or whatever)

Robert Scott Horning robert_horning at netzero.net
Thu Jun 22 00:18:38 UTC 2006 

Daniel Arnold wrote:

>Am Mittwoch, 21. Juni 2006 16:07 schrieb Robert Scott Horning:
>  
>
>>I've heard a lot of fear mongering and what I percieve to be unwarrented
>>fears about abuses to checkuser actions.  Can you give some clear
>>examples of what have been percieved as abuses of those with checkuser
>>privileges, at least types of problems that have happened as a matter or
>>practice?
>>    
>>
>
>I did never take the time investigating the background of any checkuser of 
>others. I just noticed some statistics:
>
>en.wikipedia (and some other smaller projects as well) have overproportional 
>heavy use of CheckUser. de.wikipedia (the second largest one, which has like 
>en.wikipedia many trolls but probably has different approaches keeping them 
>down, which naturally also have their specific positive and negative side 
>effects) has no checkuser trace in the logfiles (a developer can make a 
>Checkuser directly at the servers without Checkuser logfile traces but 
>nonetheless it were only a few in case of de.wikipedia).
>

The point I was trying to make here is that there have been enough 
checkuser scans and enough people with checkuser privileges that there 
must be, just through statistical analysis, some abuse that has taken 
place, or at least something that should have been investigated to see 
if a person with checkuser privileges has gone too far.  Or if that has 
not happened that perhaps the whole worry is way overrated.  Take for 
example somebody with sysop privileges and having deleted about 1000 
pages from a given project.  Don't tell me that 100% of those deletions 
are going to occur without *somebody* complaining that the admin went 
too far, even for the very best admin that is completely on top of 
policies and one of the most trusted Wikimedians.  I was trying to ask 
if there are some specific examples here for checkuser abuse rather than 
some vague "it will happen in the future".  Even investigations that 
later were proven to be legitimate uses of checkuser scans.

>>I know I am speaking from an apparent minority opinion on this mailing
>>list, but I fail to see what real damage is happening from simply
>>looking up the IP address of a user.
>>    
>>
>
>My concerns are as follows: A Checkuser of an IP from let us say China or 
>Saudi Arabia can have *serious* impact if these informations come into the 
>wrong hands although the probability of a worst case scenario is quite low.
>
Who is this information going to be protected from?  The governments of 
those countries,  aka Chinese and Saudi governments?  According to 
Wikimedia Foundation policy, this information can be, indeed must be, 
turned over to authorized government officials of any government that 
makes an official request for this information.  The check user policy 
is not going to be any kind of protection in this situation.  In 
addition, as I've pointed out earlier, both of these governments are 
more than capable technologically to be able to obtain the IP addresses 
of Wikimedia users without even having to ask for it from the 
Foundation.  The Chinese have an entire battalion of their army that 
does nothing but electronic surveilance and warfare.  This is a trivial 
task for people with that kind of training.  They don't call it the 
Great Firewall of China for a trivial reason, as all IP traffic into and 
out of China is monitored.

As for the Saudis, I was offered a job with a Saudi company for 
$150,000/year (turned it down BTW).  They certainly have the financial 
means to get whatever technological talent they need, especially if it 
is perceived as a threat to the royal family in any form, or even 
religious zealots within their government.  If I were a Saudi citizen, I 
would not count on the Wikimedia checkuser policy as offering even a 
shred of protection.  At best a speed bump to slow down the government 
by a few days.  And a nightmare of negative publicity for the WMF if 
board members tried to drag their heels intentionally with an overtly 
political act to stop any government from obtaining this information.

>So if en.wp makes heavy regular use of checkuser why shouldn't zh.wp and ar.wp 
>do the same as well (and logfile data of a palestinian on he.wp is also a 
>potentially serious matter for example)? It is a question of caution and role 
>model function of en.wp.
>
>So I don't suggest to en.wp stop checkuser but use it more seriously. Just 
>block an IP or recently created vandal account unilaterally if you think it's 
>a sock puppet without investigating deeper (hey you're admin you have to *be 
>bold* sometimes) and only perform a checkuser afterwards in case there was a 
>real demand from several third persons.
>
>That way you also avoid creating a large bueraucracy on blocking of small 
>fishes like IPs and short lived accounts and have more time for far more 
>important matters.
>
>Checkuser should mainly be a weapon against sock puppets of people that are 
>involved deeper in the project (let's say several accounts of a single person 
>that abuses them for quite some time in a sophisticated way with a mixture 
>out of valid and POV edits).
>
>Just my 2 cents...
>
>Arnomane
>
I agree that sockpuppets and persistant vandals (a variation of sock 
puppet abuse) would be the main reasons for even using checkuser scans. 
 While I can dream up some scenerios of abuse, what I'm asking is what 
actual abuse has happened based on experience.  Apparently there is none 
at all.

It is too bad that non-Wikipedia projects can't use checkuser scans, 
however.  That is another fight for another thread.

-- 
Robert Scott Horning

More information about the foundation-l mailing list