Wikipedia talk:Quick and dirty Checkuser policy/proposal

>> The community can grant administrators the permission

How does the community grant permission ? Through a vote ? If it is a vote, I'll do a Boothy everytime. Tintin 15:09, 12 October 2005 (UTC)[reply]

Care to explain? --fvw* 15:15, 12 October 2005 (UTC)[reply]

Let me just say I am a little paranoid about my privacy. It's one thing to give access to the very small group of stewards, quite another to admins - even long term ones - whom, except for very few, I have only passing acquaintance with. Tintin 15:27, 12 October 2005 (UTC)[reply]

Admins can already get your IP address if they really want, it just takes a little more setting up. We have access to user javascript which we can use to get your IP, along with a million other ways. The only thing stopping us from doing so is that it's against policy; with this proposal there'd still be that limitation. --fvw* 15:31, 12 October 2005 (UTC)[reply]

If that's true (that admins have access to users IPs, even by roundabout means), it's a security hole which violates the Foundation's privacy policy. — Dan | Talk 15:55, 12 October 2005 (UTC)[reply]

Why? Developers for instance can do lots of things that violate the privacy policy, however as long as we stop them as soon as we find out that they are doing so having them have the ability to do so isn't a violation. Ditto for admins. --fvw* 16:09, 12 October 2005 (UTC)[reply]

I agree with this proposal. I suggested at the feature's inception (see m:CheckUser) and continue to believe that it be granted to a wider range of users than it is now for vandal-patrolling purposes. This attack has been a minor irritation at best, but a better-written bot could cause damage on a much larger scale. — Dan | Talk 15:55, 12 October 2005 (UTC)[reply]

Like Tintin, I'm a bit leary. I edited briefly under my real name before it dawned on me what a poor idea that was, and then for a somewhat longer time under another username, which I abandoned after letting who I used to be slip. I don't mind David Gerard being able to figure out who I am if he had reason to, nor any of the current bureaucrats. But Joe Random User who gets promoted to an admin because he's active on IRC, has been in no big fights yet, and has always used edit summaries in the two months he's been around... no confidence. —Cryptic (who's not at anywhere near his normal computer, so is editing anonymously at the moment) 208.186.48.81 17:08, 12 October 2005 (UTC)[reply]

The proposal is not to give all admins checkuser, but only those approved by the community for it. And as I said, any account currently editing is already at the mercy of any admin who chooses to violate policy. Also, in your specific case you'd be safe as there's a pretty short time limit on the edits checkuser lists, two weeks I think? --fvw* 17:13, 12 October 2005 (UTC)[reply]

I understand that it's not to give it to all admins; I'm specifically leary of it being given out as a popularity contest, which these sort of community voting thingies inevitably turn into. I wasn't aware of a time limit on checkuser, though, which does make me feel a lot better about this. —Cryptic/208.186.48.81 17:17, 12 October 2005 (UTC)[reply]

Actually, it's only a one week window ("This data is only stored for one week, so edits made prior to that will not be shown via CheckUser"). A developer would need to check out edits over a longer period of time. Carbonite | Talk 17:17, 12 October 2005 (UTC)[reply]

I read somewhere it's either a one-week window or a two-week window, only that I don't remember where. However, if there are objections about giving it to regular admins, how about giving it to a few bureaucrats? They're fewer, and they have been scrutinized much more by the community (an RfB in addition to an RfA) Titoxd^(?!?) 17:24, 12 October 2005 (UTC)[reply]

The issue I have with simply giving CheckUser to all bureaucrats is that they were never intended to have this power. Until recently, the only difference between bureaucrats and admins was that bureaucrats could promote users. A few months ago, they gained the ability to change a user's name (I think this is inactive right now). This was a small change and completely uncontroversial.

Personally, I would trust any of the current bureaucrats with access to CheckUser, but I would oppose granting it to the group en masse. We should grant access through an RfA-like request for CheckUser process. Carbonite | Talk 17:39, 12 October 2005 (UTC)[reply]

Don't give it to all of them, then. But that gives us a "candidate pool" from which to pick potential CheckUsers. Titoxd^(?!?) 23:42, 12 October 2005 (UTC)[reply]

not really becuase being able to use Checkuser effectively requires a certian level of technical skill.Geni 11:58, 13 October 2005 (UTC)[reply]

The m:CheckUser description states that "A log is kept of who has made which queries with the tool. This log is available to those with the checkuser permissions."

To enhance transparency and reduce concerns about privacy, could we also have a log available to everyone that contains just the number of CheckUser queries performed by each user? Or perhaps just a timestamp and the user's name? With wider access to this function, there would be more oversight and abuses could be spotted and dealt with quickly. Carbonite | Talk 16:16, 12 October 2005 (UTC)[reply]

I agree that that would be a good idea, but could we not tie that to this proposal please? As I mentioned earlier, I'm trying to get this through as soon as possible. Something that requires new features to be coded wouldn't exactly help. --fvw* 16:19, 12 October 2005 (UTC)[reply]

I completely agree with this proposal and would like to see it go through ASAP. I'm just trying to allievate the concerns of users who may fear that their privacy would be in danger. There's already a log of CheckUser uses, so developing a log that shows less data shouldn't be too difficult or time-consuming. It's just a different view of the same data. Still, a log should not be a prerequisite for granting CheckUser access to more admins. Carbonite | Talk 16:26, 12 October 2005 (UTC)[reply]

Well, since this is an emergency proposal (as the "Quick and dirty" in the name suggests), we're going to have to make an official policy when everything is calmer. So, I'd say start thinking about it, but don't tie it to this lightning proposal. Titoxd^(?!?) 17:27, 12 October 2005 (UTC)[reply]

Sounds reasonable to me. Let's get this rolling and iron out the detail later. Carbonite | Talk 19:43, 12 October 2005 (UTC)[reply]

Right, are there any objections if we open this up to community endorsement/disendorsement tomorrow barring any new objections coming up (I wasn't kidding when I said I wanted to hurry this along)?

If you have any objections to this that can be solved by anything but "I don't want anybody else to get CheckUser", please post them now. --fvw* 19:33, 12 October 2005 (UTC)[reply]

If an admin is voted to become a 'vandal hunter', how long will he be one ? Is this going to be a permanent role like being an admin, or a temporary one like a bureaucrat ? There is no need to decide on this now, but when will we take such decisions (Sorry if such things are 'obvious' to experienced users. This is first time I am being part of a discussion like this) ? Tintin 19:42, 12 October 2005 (UTC)[reply]

Bureaucrat isn't a temporary position. Perhaps you're thinking of the ArbCom? Carbonite | Talk 19:44, 12 October 2005 (UTC)[reply]

Thanks, Arbcom was what I meant. Tintin 19:49, 12 October 2005 (UTC)[reply]

It's a good question, I was thinking indefinite, i.e. until the community or arbcom decides against it. Is there any reason why this should be different to the other privs? --fvw* 19:47, 12 October 2005 (UTC)[reply]

IMHO, indefinite would be fine. Tintin 20:05, 12 October 2005 (UTC)[reply]

I have no objection to granting bureaucrats access to Checkuser, nor would I object to the creation of some sort of specialised position meant explicitly for tracing down vandalism. Wikipedia is growing by leaps and bounds, and unfortunately this also means we need to be able to scale our abilities to perform these sort of anti-vandalism tasks. Hall Monitor 20:56, 12 October 2005 (UTC)[reply]

Why tomorrow? There's still blocks being handed out to the VandalBot as of when I wrote this edit. I suggest doing it now. Titoxd^(?!?) 23:43, 12 October 2005 (UTC)[reply]

I suppor the proposal and have no objection to granting permissions as stated above. As for still blocking vandalbot, I'm still doing it, have been for hours. An IP block would have been great. Going back to blocking. ∞Who?¿? 10:36, 13 October 2005 (UTC)[reply]

I'm not sure if this has been suggested yet, but it might be a good idea to require anyone who is given this access to never openly connect an IP with a registered user (unless it's someone like Willy on Wheels). They might be able to discuss it through email with the user (such as if it is found out that the user had sockpuppets), or in private IRC chat, but not by posting in big letters on the user's talk page: "HEY ARE YOU WINSTON SMITH OF ALBUQUERQUE, NEW MEXICO WITH AN IP OF 127.0.0.1?!?" Anyways, I think I had a point somewhere in there... — BRIAN0918 • 2005-10-12 20:57

Sounds reasonable. Maybe an email with a copy sent to abuse@wikimedia.org or something like that. Titoxd^(?!?) 23:40, 12 October 2005 (UTC)[reply]

I hate to sound patronising here, but I'd like to remind everyone that privacy is a real-world matter, not a Wiki matter. While it's unlikely, an checkuserer could use a user's IP to expose that user to consequences in the real world. (Think oppressive government. Think of an agent of an oppressive government who starts editing WP and gets promoted to checkuser. Of course, there are probably more common situations in which it could be trouble.) We can't trust someone with powers that have consequences in the real world just because they're a good Wikipedian.

Therefore, I oppose giving anyone checkuser permissions unless their real identity is public and proven true and, preferably, they are personally known to the Foundation. The Foundation should probably also have to approve all cases. It would help if checkuser logs were available to all users and there were a limit on how many times anyone could run checkuser per day. ~~ N (t/c) 20:57, 12 October 2005 (UTC)[reply]

So, maybe make it a requirement that anyone who is going to become one has been to a Wikipedia meetup, or that they have to scan their driver's license (blurring the usual numbers) and send it to someone at the Foundation. (or, for even more insanity, require that they take a screenshot of the scanned image while the "You are logged in as User:XYZ" Wikipedia window is in the background. Or require a digital photo of yourself next to the screen with the logged-in-window and driver's license pic opened. :) ) — BRIAN0918 • 2005-10-12 21:08

LOL... when you put it that way, actually my idea doesn't sound so useful. I still think the Foundation should at least have to approve all checkuserers. ~~ N (t/c) 22:28, 12 October 2005 (UTC)[reply]

I already mentioned this above, but any admin can already do this by changing user javascript or one of the many raw HTML variables. The only ability this adds is is to look slightly into the past, and the only real change is that it entitles the user to retrieve that IP information. --fvw* 21:13, 12 October 2005 (UTC)[reply]

Then that should be changed posthaste. ~~ N (t/c) 22:28, 12 October 2005 (UTC)[reply]

can't be. However loseing your adminship and being banned from wikipedia for the rest of eternity by a bunch of pissed off admins can often offend.Geni 11:55, 13 October 2005 (UTC)[reply]

I don't see how it is wikipedia's job to protect those who are breaking the law by accessing the wiki (oppressive government as you put it.) However, those with this power should have logs of their use of it publically avalible, and getting the access removed should be much easiesr than it is for say, adminship. -Greg Asche (talk) 00:12, 13 October 2005 (UTC)[reply]

Agreed. However, that should be written at CheckUser policy when the emergency passes, not here. But does anyone want to make that a blue-link? Titoxd^(?!?) 00:22, 13 October 2005 (UTC)[reply]

The page is created, so we can discuss any policy whenever we're not busy with the vandal. Titoxd^(?!?) 00:29, 13 October 2005 (UTC)[reply]

Good, we need to push this through and get the ball rolling on actually stopping some vandalism here... -Greg Asche (talk) 00:48, 13 October 2005 (UTC)[reply]

Ok, I don't think there have been any new objections, so let's go for it shall we? How does 5 days, at least 40 participants and at least 80% support needed sound? It might take a little campaigning to get that many people to chime in, but I think that 5 days is the least we can get away with. --fvw* 12:06, 13 October 2005 (UTC)[reply]

• For a normal standard, I think 5 by 80 is good. No objection to that. I still think they should grant emergency status if they are going to be unable to assist atm. ∞Who?¿? 12:25, 13 October 2005 (UTC)[reply]
  • We may want to make it seven days to match with WP:RFA. And list it at the bottom of that page to have it get sufficient attention. Other than that, fine. We need more checkusers, preferably yesterday. I would also be ok with giving CheckUser rights to all Bureaucrats or all ArbCommers, but the ArbCom is already overloaded as it is so a simple vote would be easiest. Radiant_>|< 13:04, 13 October 2005 (UTC)[reply]