I am applying for the CheckUser permission, and have been an administrator since January 2017. In the course of my patrolling and gnoming efforts, I often interact with checkusers to verify sockpuppets I've identified. I'd like to help take some of the burden off those individuals.
Standard questions for all candidates (Ferret)
Please describe any relevant on-Wiki experience you have for this role.
Within my work as an admin and general editing / patrolling, I regularly encounter sockpuppetry and work with a couple of different checkusers as needed. I am not an SPI clerk, but have responded to and worked with SPI cases in the past and handled tagging, and performed behavioral analysis many times.
Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
My professional background is in Information Security, specifically Identity and Access Management. I am responsible for the technical implementation of computer policies and assisting with reporting and auditing compliance. My role frequently places me in interaction with Human Resources and Audit departments, and I regularly handle confidential information and personal data/PII.
Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
I do not hold any advanced permissions or OTRS permissions at this time.
Questions for this candidate (Ferret)
Editors may ask a maximum of two questions per candidate.
As I write this, there are approximately 120 VRT "tickets" in the paid editing queue. Can you tell us a little bit about your experience in addressing undisclosed paid editing, and are you intending on working to address the backlog in this queue? Risker (talk) 02:43, 27 September 2021 (UTC)[reply]
I do not have access to VRT so I do not know the exact format or nature of these tickets. I do sometimes come across undisclosed conflict of interest editors, some of whom have socked. Typically editing personal projects or their own companies. I have not spent much time on general non-specific UPE though, people who are simply editing for pay, and I do not at this time have any strong plan to get involved in the area. Once my feet are wet though, I may look into it. I'm always open for any user to approach me with an issue or case that I may be able to assist with though. -- ferret (talk) 12:52, 27 September 2021 (UTC)[reply]
Joe, I think some basic discussion around an SPI/socking case is allowable, as long as any information being revealed or results being reported would typically be public or would be openly posted at SPI or user talk. Common public results such as confirmed, possible, same continent, using proxies, etc. Any actual checkuser information or data would be inappropriate to discuss, just as it would be on wiki, and I would consider that to extend to private messaging outside of the known Wikimedia servers as well. If I need to confer with CUs about specific data, even if there are other CUs on Discord, we have venues for that (My understanding, both a mailing list and a private CU wiki). -- ferret (talk) 12:40, 27 September 2021 (UTC)[reply]
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-cwikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
This isn't a name that regularly pops up at SPI as far as I can tell, so this gives the impression of wanting the tools more for drive-by purposes (i.e. spot a possible sock while doing regular anti-vandalism patrol). While I don't think that's a serious concern, I'm a bit wary of such "drive-by" (AKA discretionary) use of CU, as outside of SPI there is no where that CU investigations are publicly documented. I've never been a fan of the idea that functionaries are essentially only accountable to ARBCOM, and therefore only indirectly accountable to the community through ARBCOM, whereas regular admins are directly accountable to the community. I realize that it has to be this way due to privacy concerns, but in my opinion the least we can do is not hand out the tools to people who would primarily be using them in ways which leave no public trace of said use. I understand that said tasks have to be done by someone, but I'd prefer to leave those no-public-trace tasks to the Arbitrators themselves under most circumstances. In other words, I'm neutral here (purposely putting this at the end since the instructions caution against treating this like RFA). 199.8.32.6 (talk) 21:42, 27 September 2021 (UTC)[reply]
RoySmith
Nomination statement
I am applying only for CU. I have been an admin since 2005, active at SPI since August 2017, appointed as a clerk trainee in May 2020, and full clerk in December 2020. I applied for CU in 2019, which was declined. Feedback at the time indicated that I needed more experience at SPI. I made extensive statements about my background and experience in 2019; rather than repeat all that, I'll just refer people to WP:CUOS2019. One of my side projects over the past couple of years has been a suite of tools for helping to analyze SPI reports. It's available at https://spi-tools.toolforge.org/spi/.
Standard questions for all candidates (RoySmith)
Please describe any relevant on-Wiki experience you have for this role.
In addition to my admin duties, I have been active at SPI for over two years. First as a patrolling admin, later as a clerk. Prior to my involvement at SPI, I was working at AfC, where socking is rampant. It was this experience which led to my interest in the more formal aspects of sock hunting.
Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
From a technical standpoint, I have spent most of my professional career in network management, both hands-on and writing network management software. Regarding data security, my roles at Songza and Google gave me access to customer log data, which needed to be kept secure and confidential. Procedures included providing justification for access, reducing the scope of access to the minimum required for the task, and exercising diligence to protect access to confidential data under my control.
Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have VRT permissions? If so, to which queues?
None of the above.
Questions for this candidate (RoySmith)
Editors may ask a maximum of two questions per candidate.
As I write this, there are approximately 120 VRT "tickets" in the paid editing queue. Can you tell us a little bit about your experience in addressing undisclosed paid editing, and are you intending on working to address the backlog in this queue? Risker (talk) 02:43, 27 September 2021 (UTC)[reply]
Working SPI, I see a lot of what is clearly UPE. I am philosophically opposed to most forms of paid editing, but accept that as long as the proper disclosures are made, WMF policy allows it. Using behavioral evaluation alone, it is often difficult to distinguish between several accounts being socks vs being different UPE actors working from the same job description. CU can be a useful tool in those cases.
I would determine if they have a demonstrated need and can be trusted. I would examine their editing history, block log, edit filter log, user talk page, see if they've been dragged through WP:ANI, etc. I would also look at central auth to see if they've been blocked on other projects. Do a search of all subpages of WP:SPI for the user name. And of course, I would check the block log and CU logs for the IP(s) in question to see if there's any special instructions (i.e. "Do not grant any IPBE on this range"). If the block was placed by a another CU, I would consult with them before granting anything. A user working under the supervision of an established project such as WikiEd or an event coordinator would receive special consideration, as would somebody located in a country (i.e. China) where unfettered internet access is difficult. Finally, if I granted an exemption, I would log it at WT:IPBELOG. -- RoySmith(talk)15:03, 29 September 2021 (UTC)[reply]
Comments (RoySmith)
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-cwikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
From my reading, the concerns raised in 2019 were not only related to needing more SPI experience, but were also related to an apparent general administrative (and editing) principle that every single new user that shows up at an AFD or other project discussion is automatically suspicious. That is simply not true - for AFD in particular, as long as we have a giant red notice at the top of the article in question with a bold link to the discussion page, we need to expect that casual drive-by readers who stumble upon the article one way or another might comment, even if they have little or no editorial experience/background. Sure, such comments may not hold as much weight as comments from experienced editors, but they are still equally valid and are not automatically "suspicious" in any way. The belief that any new account that finds internal project discussions quickly is automatically even considered a possible sock is not a good one, as it creates a short slippery slope to problematic and abusive "fishing". I'd be uncomfortable granting CU to someone who has knowingly held these beliefs in the past without a definitive statement saying that they no longer hold these views and don't plan to ever hold them again. 199.8.32.6 (talk) 21:50, 27 September 2021 (UTC)[reply]
GeneralNotability
Nomination statement
Hello! I'm GeneralNotability, and I'm applying for the checkuser and oversight permissions. For checkuser, I have been an SPI clerk since I became an administrator and have a good deal of experience dealing with sockpuppet investigations. I have a good understanding of both the abilities and limitations of the tool. I've also been active in tackling abuse from open proxies, including peer-to-peer proxies. I expect that I would mainly use the checkuser tool at SPI, but I also intend to work on CU-related backlogs, particularly the paid-en queue and requests for IPBE. I also intend to continue training SPI clerks. I would also be interested in developing scripts to streamline the checkuser process. As for oversight, I am active in the revdel request channel on IRC and would be willing and able to help tackle the suppression requests that come through the channel, especially since some revdel requests end up needing suppression. I expect I would also make use of it at SPI from time to time - there have been occasional cases where I had to ask an oversighter for help since some of the material common to two accounts was suppressed.
Standard questions for all candidates (GeneralNotability)
Please describe any relevant on-Wiki experience you have for this role.
I've been a fairly active SPI clerk since shortly after I became an administrator. In that time, I've gained a fairly good understanding of what CheckUser is and is not useful - as the saying goes, it's certainly not magic pixie dust, and I have both declined to block CU-confirmed accounts and have blocked accounts as sockpuppets even though CU found them unrelated. I'm also the current maintainer of spihelper, a tool used by a lot of SPI regulars, so I've got a pretty good handle on the day-to-day tasks at SPI. At a more technical level, I'm active at the WikiProject on Open Proxies and have learned a lot about identifying proxies. In particular, I was heavily involved behind the scenes with the recent work to proactively block residential proxies. As part of my WPOP work, I wrote a tool called bullseye to help identify possible proxies (and the tool has been quite helpful at SPI, too). Finally, I have one SPI clerk trainee and am backup trainer for two others, and I plan to continue training clerks if selected as a checkuser.
Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
I'm a general-purpose software engineer, and over the years I've had the opportunity to do work in the networking and computer security areas, both fairly relevant to the CheckUser tool. I have also worked in jobs dealing with sensitive data, such as data protected by NDA or data with legal/regulatory handling requirements.
Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have VRT permissions? If so, to which queues?
I do not hold advanced permissions on any other projects. I have access to the info-en VRT queue.
Questions for this candidate (GeneralNotability)
Editors may ask a maximum of two questions per candidate.
As I write this, there are approximately 120 VRT "tickets" in the paid editing queue. Can you tell us a little bit about your experience in addressing undisclosed paid editing, and are you intending on working to address the backlog in this queue? Risker (talk) 02:42, 27 September 2021 (UTC)[reply]
Risker, I think I've got a fair amount of experience at identifying and dealing with UPE (including dealing with a couple of our more prolific suspected UPE farms). As for the queue, I will quote directly from what I said in the ArbCom questionnaire: I would absolutely be interested in working the paid queue - it has a reputation for never getting responses but is the "official" way to report UPE using off-wiki evidence.. The current state of affairs is that experienced editors emailing paid-en will often CC a friendly admin on their report to actually take whatever action is needed. That is not a good situation for the official way to report private evidence of paid editing, especially for those folks who don't know a friendly admin. I want to do my part to fix the problem. GeneralNotability
Joe Roe, my understanding is that the Discord terms of service and privacy policies are not compatible with our own privacy policies, so it would not be appropriate to discuss privacy-sensitive information there (for example, specific IPs from a CU investigation). I believe it would be appropriate to discuss anything that I would say publicly on-wiki (so again for a CU investigation, "so-and-so accounts are confirmed to each other from a technical perspective"), and I don't see anything wrong with informal requests not involving sensitive data ("hey, could you take a look at these three accounts"). For the same reason, people shouldn't request suppression on Discord. I am also active on IRC, and my understanding is that it is acceptable to discuss private information on IRC, either in private messages or in designated checkuser/oversight channels. The caveat to all of this, of course, is that the global and enwiki privacy policies apply; I wouldn't go sharing private data anywhere with someone who didn't have the requisite permissions. GeneralNotability (talk) 12:57, 27 September 2021 (UTC)[reply]
First, for editors who are intentionally using a proxy - I don't really know what the norms are for granting those (though I'm guessing the main use case is getting around blocks on Wikipedia in one's own country), so my answer would really have to be "ask a more experienced CU what they think". I would generally be inclined to grant it to people getting around a country-level block, I'm just not sure what the normal thresholds are for users who show they can contribute to the encyclopedia, and existing users with a history of valid non-disruptive contribution.
The second part is editors who are caught by collateral damage from a proxy block (previously this wasn't a huge concern, since most proxies/VPNs were on colocation ranges, but with the increasing prevalence of residential proxies this is going to be more of an issue). In those cases, we have to decide whether the user is actually using the proxy or just happens to share an IP with a proxy. I would evaluate data such as the country of origin and ISP (to determine how likely it is that they're, for example, behind carrier-grade NAT) and whether the editor's CU data indicates that they are actually making use of the proxy (I can make some educated guesses about what proxy use would look like). If the data suggested they were not using the proxy and the user seemed to be in reasonably good standing (no history of socking, for example), I would grant the request. GeneralNotability (talk) 13:38, 29 September 2021 (UTC)[reply]
Comments (GeneralNotability)
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-cwikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
As GN has observed from the other side, the paid-en VRT queue has been hopelessly backlogged for a long time. When I find the time to process tickets there, I often find actionable reports of UPE and/or sockpuppetry (though others unfortunately can't be investigated because too much time has passed), so it would be productive if we had more CUs interested in helping with it. GN is already one of the most active and effective admins working in COI/PAID enforcement, so it's great to hear that he would pitch in if appointed. – Joe (talk) 08:59, 27 September 2021 (UTC)[reply]
In the time I've spent editing Wikipedia, I've formed the opinion that while admins perform multiple tasks which are vital to the smooth running of the project, the one which is most important to deal with urgently is the protection of our contributors, and of the subjects of our articles about living people, from harm. I've come across numerous cases of harassment, doxxing and threats of violence, and want to do whatever I can to help deal with such situations. I've done what I can with the normal admin toolset, and I became involved in SPI clerking last December in hopes of becoming more effective in this area. I believe that access to the CU and OS privileges would allow me to be more effective in this area, so if the functionaries team believe that I would be able to use them competently and not to abuse them, I would like to be given the opportunity to serve in these roles.
Abuse of multiple accounts causes disruption beyond harassment and doxxing of course - now that I'm familiar with the SPI process, I think I could also use CU to help process all types of cases and keep the backlogs down.
Standard questions for all candidates (Girth Summit)
Please describe any relevant on-Wiki experience you have for this role.
I've been contributing as an SPI clerk (trainee) since December 2020, and believe that I have gotten to grips with how the process works, and with analysing the behaviour of different accounts to determine whether socking is likely, and whether a CU check would be appropriate and policy-compliant.
Arbcom’s announcement indicated that they are particularly interested in appointing people who are willing to work in mentoring other editors in SPI; I have a fair amount of experience in mentoring other editors through the CVUA program, which would be relevant experience in this area. I also have a fair amount of experience in pushing back against UPE through my work in NPP, and I would be interested in contributing more in that area with the CU toolset.
Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
In real life I am a teacher – amongst other things, I teach children and teenagers about the importance of keeping their personal information private on-line, about the dangers of cyberbullying and abuse, and generally about what we call 'internet safety'. I wouldn't really consider that 'technical expertise' for this kind of role, but I know from personal experience how harmful online harassment can be for people, and I consider that to be a powerful impetus for me to use these tools responsibly and effectively.
Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have VRT permissions? If so, to which queues?
No, EnWiki is the only project on which I hold advanced permissions.
I was granted permission to the info-en queue on OTRS in 2019, but I confess that I did very little with it – I found the interface confusing, and was concerned about messing things up in a public-facing role. Another editor kindly offered to talk me through it on a call, but we didn’t manage to pin down a mutually convenient time, and I wandered off into other areas of the project. I would be willing to pick this up again.
Questions for this candidate (Girth Summit)
Editors may ask a maximum of two questions per candidate.
As I write this, there are approximately 120 VRT "tickets" in the paid editing queue. Can you tell us a little bit about your experience in addressing undisclosed paid editing, and are you intending on working to address the backlog in this queue? Risker (talk) 02:42, 27 September 2021 (UTC)[reply]
I often come across paid editors through work at NPP, and in SPI cases. If someone would be willing to hold my hand and get me up to speed with the processes at VRT, I would be willing to help out in this area. GirthSummit (blether)06:02, 27 September 2021 (UTC)[reply]
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-cwikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
While I don't see or know of any concerns/red flags that blatantly stick out, I would prefer to see the user become a full SPI clerk (they indicate in their statement that they are only a trainee) and work as a full clerk for a few months before I'd unconditionally support granting CU. 199.8.32.6 (talk) 21:57, 27 September 2021 (UTC)[reply]
I'd be the first to admit that I still have things to learn; however, while the duties of clerks and CUs overlap, they aren't identical. I've never had to perform a complex manual histmerge on two concurrent SPI cases, so I still need to learn how to do that and demonstrate competence since it's something a full clerk needs to be able to fly solo on. I don't think that lacking certain specific experience essential to clerking unusually complicated cases would prevent me from using the CU tools effectively to handle more typical cases. GirthSummit (blether)22:23, 27 September 2021 (UTC)[reply]
I wasn't planning to comment on other candidates, but since this came up and Girth Summit is my trainee - I agree with everything he's said above. At this point he operates basically autonomously, asking for help as needed, but I trust him to make good decisions on his own. He is a trainee, but I believe he's learned all the skills he would need to operate effectively as a CU. GeneralNotability (talk) 12:29, 28 September 2021 (UTC)[reply]
Dreamy Jazz
Nomination statement
I am applying for the CheckUser permissions. My RfA was in December 2019 and I’ve been a SPI clerk since May 2020. Furthermore I’m a VRT agent, ArbCom clerk and have been previously active in accounts for creation. SPI has a backlog of cases, which as I write this statement is mostly comprised of checkuser requests, which I could help address if I am appointed. I’m also willing to help in ACC and UTRS. You can reach me over IRC for off-wiki communication and if I am appointed, I will respond to request for checkuser over IRC. I am familiar with the relevant policies from my time as a SPI clerk and already signed the relevant agreements. As a SPI clerk, I’m very familiar with IP addresses, ranges and identifying sockpuppets from their edits. If you have any questions for me, please feel free to ask them below.
Standard questions for all candidates (Dreamy Jazz)
Please describe any relevant on-Wiki experience you have for this role.
As mentioned in my nomination statement I have been a SPI clerk since May 2020, and I’ve been a full once since February 2021. Through my work as a SPI clerk, I’ve been working alongside CUs and so I think I am familiar with what a CU needs to do before they can run a check and how they can report results. As a SPI clerk I also have been dealing with reported IP addresses and making range blocks. I feel that I also meet several of the "particular need" points mentioned by ArbCom for this year’s appointments including currently using IRC and VRT, and analysing behavioural evidence at SPI.
I was also an ACC team member a while back where I dealt with private information such as IP addresses of those requesting an account. I no longer have access to the tool due to inactivity. As such I am already familiar with how to handle private information such as IP addresses.
As a side note, I've attempted to keep the answers to these standard questions shorter. However, if you would like more information from me about matters relating to questions 1 and 3 please ask a question below.
Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
I study Computer Science at university. From my degree, and from my general understanding of computer science, I’ve have a good understanding of tech in general. I’ve also had a CS internship in the public sector which gave me access to information which needed credentials to access and was not always publicly accessible through other sources.
Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have VRT permissions? If so, to which queues?
I do not hold and have never held any of these advanced permissions.
I am a member of the info-en and info VRT queues.
Questions for this candidate (Dreamy Jazz)
Editors may ask a maximum of two questions per candidate.
As I write this, there are approximately 120 VRT "tickets" in the paid editing queue. Can you tell us a little bit about your experience in addressing undisclosed paid editing, and are you intending on working to address the backlog in this queue? Risker (talk) 02:42, 27 September 2021 (UTC)[reply]
I've never dealt with a off-wiki report of paid editing. However, I have used edits and other actions made onwiki by accounts (including their username) to determine if I think a user could be making edits for undisclosed payments. I've also dealt with users reporting a sockpuppet with onwiki evidence of undisclosed paid editing. To respond to these concerns / reports, I've left uw-paid warnings and blocked users for suspicion of undisclosed paid editing when I've also blocked them for WP:UPOL violations or sockpuppetry (so that these concerns should be addressed in any unblock request). If you would like specific examples, then I can detail some in a follow up answer, but alternatively you can view these by searching for the phrase "paid" in the log of blocks I have made.
Although my experience of off-wiki reports is very limited (which is what this queue deals with) I am willing to help to reduce this backlog but would want to be helped by an functionary who is experienced in dealing with tickets in the paid editing queue while I learn how to deal with the reports. Dreamy Jazztalk to me | my contributions10:45, 27 September 2021 (UTC) (modified for clarification 15:19, 27 September 2021 (UTC))[reply]
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-cwikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
I'm slightly concerned that this user is rushing into things a little too quickly. The short amount of time between their RFA, them becoming an SPI trainee, and then even becoming an ARBCOM clerk (!) is a little too short in my humble opinion to support a request for yet another advanced permission now. I would probably support in a year or two as long as no serious concerns arise between now and then. 199.8.32.6 (talk) 22:00, 27 September 2021 (UTC)[reply]
Thanks for your input. I do agree that my candidacy can be seen as me rushing into things. My intention to go for CU now, instead of in a few years time, was because of the backlog of CU requests at SPI which I think I can help to address. As such my intention was not to rush into this and is to put myself forward to help. However, I do respect your opinion and understand that compared to all apart from one here I am the newest admin.
wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.