Has any CheckUser ever been reprimanded for misusing it?

[MysteriousStranger]

We know WP has relevant policy related to CheckUser and how it is to be used, but most of us who have socked have been caught by "fishing" CUs at least a few times. Given that that's in direct violation of the rules, one would think there would be record of someone losing the tool or at least being reprimanded for abuse, misuse, unnecessary or inappropriate use, etc. Has it ever happened? If it isn't publicly viewable I can understand because sensitive info might be involved. But I'm curious if any sort of action against a CU on those grounds has ever happened at all...because if not, then all those rules don't mean diddly, and they know it.

In general, it bothers me when someone in authority doesn't have to answer to the community. One reason Wikipedia as a whole bothers me so.

[Vigilant]

Risker and the !! debacle?

[Dysklyver]

Alex Shih was booted from Arbcom, lost his OS/CU tools and later essentially desysoped for fishing.

[Instant Noodle]

Jayjg lost his checkuser bit but I don't remember why, specifically.

[Black Kite]

Jayjg lost his checkuser bit but I don't remember why, specifically.

https://en.wikipedia.org/wiki/Wikipedia ... privileges

[rhindle]

Is CU logged every time it is used, even if only admins or higher muckity mucks can see it? Probably should make it publicly logged every time it's used. Not for whom is specifically being CU'd but just that someone did it.

[Poetlister]

Is CU logged every time it is used, even if only admins or higher muckity mucks can see it? Probably should make it publicly logged every time it's used. Not for whom is specifically being CU'd but just that someone did it.

Yes, there is a log visible only to CUs. It says who did the check and when, but does not give the results. However, it's easy to guess that if someone checks an account and then a few IP addresses, those are the addresses used by that account. I believe that log entries are deleted after a year.

[rhindle]

Yes, there is a log visible only to CUs. It says who did the check and when, but does not give the results. However, it's easy to guess that if someone checks an account and then a few IP addresses, those are the addresses used by that account. I believe that log entries are deleted after a year.

That should be more transparent than just CU's.

[Poetlister]

Yes, there is a log visible only to CUs. It says who did the check and when, but does not give the results. However, it's easy to guess that if someone checks an account and then a few IP addresses, those are the addresses used by that account. I believe that log entries are deleted after a year.

That should be more transparent than just CU's.

I expect that the WMF would say that even that much information is confidential and access to it needs to be restricted.

[Vigilant]

Yes, there is a log visible only to CUs. It says who did the check and when, but does not give the results. However, it's easy to guess that if someone checks an account and then a few IP addresses, those are the addresses used by that account. I believe that log entries are deleted after a year.

That should be more transparent than just CU's.

I expect that the WMF would say that even that much information is confidential and access to it needs to be restricted.

Which is why the CU function should be WMF employees only.

[Dysklyver]

Yes, there is a log visible only to CUs. It says who did the check and when, but does not give the results. However, it's easy to guess that if someone checks an account and then a few IP addresses, those are the addresses used by that account. I believe that log entries are deleted after a year.

That should be more transparent than just CU's.

I expect that the WMF would say that even that much information is confidential and access to it needs to be restricted.

Which is why the CU function should be WMF employees only.

They really should, Bbb23 could use a real job.

[Alex Shih]

Is CU logged every time it is used, even if only admins or higher muckity mucks can see it? Probably should make it publicly logged every time it's used. Not for whom is specifically being CU'd but just that someone did it.

Yes, there is a log visible only to CUs. It says who did the check and when, but does not give the results. However, it's easy to guess that if someone checks an account and then a few IP addresses, those are the addresses used by that account. I believe that log entries are deleted after a year.

Nothing is ever truly deleted on Wikipedia I think; CU log entry goes back to the beginning of time. The only thing "deleted" is the CU data more than 90 days after the last registered user action, but I suspect even that's stored in the database despite of not coming up in the check.

[Beeblebrox]

i just looked, and was surprised to find out I have been CU'd a number of times. I won't say by who, but I can see that I've been CU'd in 2008 and 2010 for completely bullshit reasons, and twice more in 2013 when I was very briefly blocked for a bullshit reason and they were disproving the idea that I'd been compromised.

The two who CU'd me in '08 and '10 aren't CUs anymore.

[Vigilant]

There's a CU wiki where results are stored past the publicly promulgated date of expiration.

There are certainly external data stores kept by people with data scraped from CU fishing expeditions.

Neither situation is good privacy policy.

WMF should hire identified employees to run this particular function.

Teh Communitah has proved, repeatedly, that they can't be trusted with this obligation.

[Beeblebrox]

As English Wikipedia's worst checkuser, I don't use the CU wiki, but yeah, it is my understanding that material is stored there long after it would otherwise be considered stale, and there's literally nothing anyone can do to stop individual CUs from privately storing screen grabs or other records of results.

But there's no way the WMF is going to pay enough staff to actually do the job the entire CU team does across all projects.

[turnedworm]

As English Wikipedia's worst checkuser, I don't use the CU wiki, but yeah, it is my understanding that material is stored there long after it would otherwise be considered stale, and there's literally nothing anyone can do to stop individual CUs from privately storing screen grabs or other records of results.

But there's no way the WMF is going to pay enough staff to actually do the job the entire CU team does across all projects.

Excuse me? Worst CU? I think you'll find you have me to fight for that title.

As to the lead question, yes, CUs have been reprimanded by Arbcom, publicly as mentioned above but more often privately.

[Kumioko]

There's a CU wiki where results are stored past the publicly promulgated date of expiration.

There are certainly external data stores kept by people with data scraped from CU fishing expeditions.

Neither situation is good privacy policy.

WMF should hire identified employees to run this particular function.

Teh Communitah has proved, repeatedly, that they can't be trusted with this obligation.

I completely agree with this and as someone who has frequently manipulated the CU tool and users into blocking both innocent IP networks and accounts, this tool is both inadequate to the task it's being used for and also shouldn't be in the hands of volunteers, largely untrustworthy children and abusers like Bbb23 and others.

[Poetlister]

Nothing is ever truly deleted on Wikipedia I think; CU log entry goes back to the beginning of time. The only thing "deleted" is the CU data more than 90 days after the last registered user action, but I suspect even that's stored in the database despite of not coming up in the check.

Yes, a developer can extract CU data, probably right back to the start of Wikipedia. What CUs check is not the actual database but a copy specifically made for the purpose.

[Kumioko]

Nothing is ever truly deleted on Wikipedia I think; CU log entry goes back to the beginning of time. The only thing "deleted" is the CU data more than 90 days after the last registered user action, but I suspect even that's stored in the database despite of not coming up in the check.

Yes, a developer can extract CU data, probably right back to the start of Wikipedia. What CUs check is not the actual database but a copy specifically made for the purpose.

That's because a the time the CU data was made available to the CU's the devs didn't agree and knew that it would be used abusively even then. They were overruled and now we have an environment where CU's are actively abusing the tool with little to nothing being done about most of it.

[Dysklyver]

Yes, a developer can extract CU data, probably right back to the start of Wikipedia.

There are various legal reasons why the WMF wouldn't want to keep data that long, and on various occasions they have said it is destroyed after a short time.

Whether it actually is or not I don't know. Only those in charge of the servers know that.

[Kumioko]

I would assume that there is still a limit though probably longer. I doubt there is much of a reason to keep logs all the way back to the creation of Wikipedia, that would be tens of millions of rows of database tablespace for very little return. My guess is they might have 1 couple years at max, but probably no more than what the CU's have.

[The Garbage Scow]

I wonder how much longer until someone with vintage admin/CU rights who makes their lone miserable edit per year just to keep the bit is compromised and someone proceeds to dig through the logs to find private IP address info about everyone?

All the more reason people should be using VPNs, and all the more ridiculous Wikipedia thinks VPNs are evil and should be universally rangeblocked.

EDIT: There's another question. Has anyone with CU privileges ever been compromised? I'm assuming most CU folks are at least aware of this Wiki containing everyone's secret data.

[Beeblebrox]

I wonder how much longer until someone with vintage admin/CU rights who makes their lone miserable edit per year just to keep the bit is compromised and someone proceeds to dig through the logs to find private IP address info about everyone?

All the more reason people should be using VPNs, and all the more ridiculous Wikipedia thinks VPNs are evil and should be universally rangeblocked.

EDIT: There's another question. Has anyone with CU privileges ever been compromised? I'm assuming most CU folks are at least aware of this Wiki containing everyone's secret data.

CU/OS have their own activity standards, basically "use it or loose it." I almost got removed earlier this year for not doing enough checks.

[Kumioko]

I wonder how much longer until someone with vintage admin/CU rights who makes their lone miserable edit per year just to keep the bit is compromised and someone proceeds to dig through the logs to find private IP address info about everyone?

All the more reason people should be using VPNs, and all the more ridiculous Wikipedia thinks VPNs are evil and should be universally rangeblocked.

EDIT: There's another question. Has anyone with CU privileges ever been compromised? I'm assuming most CU folks are at least aware of this Wiki containing everyone's secret data.

CU/OS have their own activity standards, basically "use it or loose it." I almost got removed earlier this year for not doing enough checks.

Well with Bbb23 doing a couple thousand a month there's no need for anyone else really.

[Poetlister]

CU/OS have their own activity standards, basically "use it or loose it." I almost got removed earlier this year for not doing enough checks.

That presumably encourages CUs to make more checks than they need to.

[rhinoroars]

I think it was Chase me Ladies I am Cavalry.

[Beeblebrox]

CU/OS have their own activity standards, basically "use it or loose it." I almost got removed earlier this year for not doing enough checks.

That presumably encourages CUs to make more checks than they need to.

Meh. Five actions per every three months is not exactly a huge number.

[Poetlister]

I think it was Chase me Ladies I am Cavalry.

Chase me ladies, I'm the Cavalry (T-C-L). We've discussed him here.

[The Garbage Scow]

I think it was Chase me Ladies I am Cavalry.

Chase me ladies, I'm the Cavalry (T-C-L). We've discussed him here.

Here's a Guardian interview with him.

And here's the desysop.

[BURob13]

The answer to your question is "Yes", including recently with the Alex situation.

In my opinion, by far the most important thing I've done on the Committee has been to push for more training and accountability of local CUs. I ran the first training session in a couple years last fall when the new CUs came on, which both covered the technical aspects of the tool and the policies they must follow. Those training sessions will continue for new and existing CheckUsers to ensure everyone is on the same page and there's no "drift" in what any individual considers sufficient for a check or confirmed result.

I've also pushed for random audits of existing CheckUsers so the system is more robust to an Alex-type situation. I was fairly upset with how long the issues with Alex went essentially unnoticed because there were no audits. Different arbs maybe knew different small pieces of it, but everything needs to be brought together to realize it's a broad issue. I individually received multiple private reports after I went "public" with that situation which suggest we didn't even know the whole picture when he resigned.

[BURob13]

CU/OS have their own activity standards, basically "use it or loose it." I almost got removed earlier this year for not doing enough checks.

That presumably encourages CUs to make more checks than they need to.

Five checks is two investigations, max. Very much don't need to "invent" checks to maintain access to the tools.

[Kumioko]

The answer to your question is "Yes", including recently with the Alex situation.

In my opinion, by far the most important thing I've done on the Committee has been to push for more training and accountability of local CUs. I ran the first training session in a couple years last fall when the new CUs came on, which both covered the technical aspects of the tool and the policies they must follow. Those training sessions will continue for new and existing CheckUsers to ensure everyone is on the same page and there's no "drift" in what any individual considers sufficient for a check or confirmed result.

I've also pushed for random audits of existing CheckUsers so the system is more robust to an Alex-type situation. I was fairly upset with how long the issues with Alex went essentially unnoticed because there were no audits. Different arbs maybe knew different small pieces of it, but everything needs to be brought together to realize it's a broad issue. I individually received multiple private reports after I went "public" with that situation which suggest we didn't even know the whole picture when he resigned.

The "issue" with Alex is hardly unique, he is just the one you all chose to identify and go after. There is no way that Bbb23 hasn't violated the rules just by the sheer volume of CU's he is doing and in fact he is obviously randomly checkusering new editors and RFA voters on fishing expeditions. So saying that you are pushing for reform and fighting for the common good are pretty shallow considering that there are obvious violations literally everywhere and we don't even need to be Checkusers to see it.

[Alex Shih]

As much as BU Rob13 likes to spew bullshit, he's actually pretty against how Bbb23 operates. But then we have other CU arbs that openly protects the kind of checks Bbb23 runs despite of being upset with it sometimes, so the story goes. And then occasionally we have overly excited CUs (including the righteous Rob here) talking about their theory of findings to the point of almost desysoppng someone before they have a chance to defend themselves (and when they do, often times it turns out it's just confirmation bias). It is what it is.

Which is why it's nice to see folks like Courcelles and AGK in ArbCom, as they are the kind of same institutional people but on the opposite end of the spectrum, which will generate more exciting drama (as AGK have already been doing) down the line.

[Kumioko]

As much as BU Rob13 likes to spew bullshit, he's actually pretty against how Bbb23 operates. But then we have other CU arbs that openly protects the kind of checks Bbb23 runs despite of being upset with it sometimes, so the story goes. And then occasionally we have overly excited CUs (including the righteous Rob here) talking about their theory of findings to the point of almost desysoppng someone before they have a chance to defend themselves (and when they do, often times it turns out it's just confirmation bias). It is what it is.

Which is why it's nice to see folks like Courcelles and AGK in ArbCom, as they are the kind of same institutional people but on the opposite end of the spectrum, which will generate more exciting drama (as AGK have already been doing) down the line.

Courcelles and AGK are both worthless!

[BURob13]

talking about their theory of findings to the point of almost desysoppng someone before they have a chance to defend themselves

That literally has never happened. No instance has come up while I've been on the Committee where I've supported desysopping due to CU data. We've had no instances (or even expected instances) of admin socking. Unless I'm badly misunderstanding you, I'm very puzzled what you're insinuating here.

[Alex Shih]

We've had no instances (or even expected instances) of admin socking.

Damn, that poor admin somewhere in Canada with likely a dumb coworker never knew how close he was getting level 2 desysop.

Obviously I am not going to point out specific instances. While lying openly is part of the arb business in the Wikipedia game (regretfully, I had to do a couple also), you should try to do it a little less with someone that was on the mailing list at the same time.

[BURob13]

Oh, I found what you're talking about. It doesn't match your description of things, which is why it hadn't registered or come up in my searches. I did misstate that there had never been suspicions of admin sockpuppetry; I had forgotten this instance, because it burned out very fast during a time when I was mostly focused on other things.

At the time, I supported investigating some odd technical evidence. I certainly never supported a desysop. We did our due diligence, and came to an appropriate conclusion. I can't say much more than that.

[Kumioko]

Well that was the response we expected from you anyway. I doubt anyone here thought you would do anything except support the end result and justify/ excuse the conduct.

[Dysklyver]

I am aware of numerous past examples of suspected admin sockpuppetry which has been checked, some of which I have seen actual evidence of being checked, so it's far from an unknown occurrence, although rare.

[Kumioko]

I am aware of numerous past examples of suspected admin sockpuppetry which has been checked, some of which I have seen actual evidence of being checked, so it's far from an unknown occurrence, although rare.

Well they go out of their way to allow an admin to prove it isn't them or assume it isn't them because they are an admin whereas they assume an editor is socking, often not giving them the opportunity to dispute it.

[BURob13]

ArbCom has accepted many appeals during my tenure where the editor explained the technical results adequately after an initial block.

[Kumioko]

ArbCom has accepted many appeals during my tenure where the editor explained the technical results adequately after an initial block.

Sure, there have been a few outliers of experienced editors who know wlhow the CU tool works. No one's doubting that. The problem is the overzealous use of the CU tool and the false positives that are generated due to the generic data the tool captures. I mean seriously, it should capture email address and MAC.

[Poetlister]

ArbCom has accepted many appeals during my tenure where the editor explained the technical results adequately after an initial block.

Sure, there have been a few outliers of experienced editors who know wlhow the CU tool works. No one's doubting that. The problem is the overzealous use of the CU tool and the false positives that are generated due to the generic data the tool captures. I mean seriously, it should capture email address and MAC.

How exactly could it capture an e-mail address? if a user is logged in, maybe it could note the e-mail address associated with that account, but would anyone with two accounts be stupid enough to use the same address on both?

[Kumioko]

It could capture an email address if it was used when the account was created. Which is currently optional, but should be required and then it would be a lot more useful in the future. Of course again that can be faked, and fairly easily, but it is something that adds to the amount of time it takes to create an alternate account and might dissuade a few from doing it and help...even if only a little.

[tarantino]

Sure, there have been a few outliers of experienced editors who know wlhow the CU tool works. No one's doubting that. The problem is the overzealous use of the CU tool and the false positives that are generated due to the generic data the tool captures. I mean seriously, it should capture email address and MAC.

It would be virtually impossible for the wmf to get the MAC address of your phone, PC or whatever unless it has been compromised. Your ISP probably doesn't even know it because every time a packet goes through a network device, like a modem or router, the packet's MAC address is changed to that device's.

[Kumioko]

My I ask how the online games like WOW and Second Life do it then?

[tarantino]

The software used to play those games read your MAC address. A browser can't.

[Kumioko]

The software used to play those games read your MAC address. A browser can't.

Ah ok, thanks. So if someone installed the Wikipedia app, then in theory it could right?

[tarantino]

The software used to play those games read your MAC address. A browser can't.

Ah ok, thanks. So if someone installed the Wikipedia app, then in theory it could right?

Yeah, but if people found out it did, they'd raise hell.

[Midsize Jake]

Ah ok, thanks. So if someone installed the Wikipedia app, then in theory it could right?

I believe so, except that on iOS and Android you'd at least (hopefully) get a warning during the install process that the app wants to know your identity and location. I suppose one of us could install it on a smartphone or tablet and find out what it wants, but I dunno, that just seems so anathema to every principle we hold dear, I can't say that's a realistic possibility.