This is an archive of past discussions on Wikipedia:CheckUser. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.
In real life I am conducting academic research and publishing on the topic of privacy. (See, for example, https://link.springer.com/chapter/10.1007/978-3-030-91081-5_6) I have a couple questions in my capacity as a member of the reading public, not as a Wikipedia editor.
Do checkusers ever copy fingerprint data (IP and/or user agent string) and save it anywhere for future reference? The policy says that such data is not logged, but it is silent on the question whether such data may be copied and retained manually, such as in notes, a private wiki, or shared via a mailing list.
Thank you. I was sort of afraid of that. Those answers in Archive 47 are concerning and somebody should get in touch with WMF Legal and go over that to tighten things up. JehochmanTalk20:53, 4 January 2022 (UTC)
@Jehochman: As an aside, that paper is heavily aligned with what I (used to) do at my previous company - would I be able to trouble you for a copy, if you'd be so kind? -- TNT (talk • she/her) 20:35, 4 January 2022 (UTC)
Someone's employer or rough geographic location would be considered personal information. Both of those are things that can be derived from IPs. TonyBallioni (talk) 03:12, 13 October 2022 (UTC)
It's even worse when you have a sequence of IP addresses. If you know the neighborhood where somebody lives, what coffee shop they frequent, and where they work, as well as the timing of their activity, that information has a lot of entropy. JehochmanTalk03:26, 13 October 2022 (UTC)
How many times has this tool been used on my account?
Any way to find out, and the name of the Checkuser who performed the check? Or does this only get revealed in special circumstances? Tewdar 13:08, 15 October 2022 (UTC)
In my experience, checkusers don't make a habit of talking about that kind of thing. I can think of several reasons why that might make sense. Users making such requests are normally directed to the relevant oversight people if they suspect abuse of the tool (yes, I know). In cases where there may be another checkuser involved, I seem to recall their checkuser activity may fall under the definition of non-public data in itself, though I'd have to look that up to be sure. What I am happy to say is that the overwhelming majority of users, regular or otherwise, who have never acted suspiciously or been credibly accused of sockpuppetry, will have zero checks logged. -- zzuuzz(talk)13:50, 15 October 2022 (UTC)
That certainly matches my understanding. As a CU, I'm allowed to disclose that I checked an account (that happens all the time at SPI), but I'm not allowed to disclose what checks other CUs have run. If you have specific concerns, my suggestion is to contact arbcom, but I suspect you'll need to give them an exceptionally good reason before they would divulge that information. -- RoySmith(talk)15:04, 15 October 2022 (UTC)
@RoySmith: Super late reply, but I wanted to point out that Wikipedia:CheckUser#Notifying the account that is checked states in verbatim: Checkusers are permitted, but not required, to inform an editor that their account has been checked. The result of a check may be disclosed to the community (on a community process page like Wikipedia:Sockpuppet investigations). I understand this to mean that checkusers have discretion under policy inform someone that their account has been checked, even if the check was performed by another checkuser. Whether this permits a CU from disclosing the name of the CU is less clear, and the policy of course states that this is "permitted, but not required"—it is indeed quite rare that CUs will agree to disclose anything from the CU log outside of reporting results at SPI. Mz7 (talk) 06:20, 9 November 2022 (UTC)
@Blablubbs and Primefac: To be clear, that clarification applies only to disclosing the names of checkusers that have previously run checks on an account—is that right? For example, if I decline to check an account at SPI by stating publicly that "another CU has already looked into this account", would that be permissible? Mz7 (talk) 23:28, 10 November 2022 (UTC)
Proposed policy
I'm going to go ahead and close this section per WP:SNOW, as I think enough has been said. Under current practice, stewards will only lock accounts if there is evidence of cross-wiki abuse. Because of this, the current practice on enwiki is to only report sockpuppets of cross-wiki sockmasters to m:SRG. If an account uses sockpuppets on enwiki and no other project, then it is unlikely that a steward will agree to lock that account. This page is not the right place to propose a change to that common practice—if such a change is truly desired, the best place would be in a discussion with the stewards on Meta. Respectfully, Mz7 (talk) 06:14, 9 November 2022 (UTC)
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
If someone is found to be a sockpuppet via CheckUser here, I propose you always report that to m:Steward requests/Global. Users who have been blocked here have gone on to edit other wikis, and it just creates more work to block or investigate over and over again, including on smaller ones (e.g. q:) where we don't even have local CheckUsers. Is there something that I'm missing here about why this wouldn't be desirable, other than the added overhead on CheckUsers here? ―Justin (koavf)❤T☮C☺M☯00:02, 8 November 2022 (UTC)
As GN said, socking on one wiki is not automatically cross-wiki abuse. Reporting socks to SRG increases the workload on the Stewards, given that we have to confirm the results of the local investigation, decide if global action is necessary, run checks on loginwiki if appropriate, and then deal with the inevitable appeals. We don't have the bandwidth to deal with frivolous requests that don't actually involve cross-wiki abuse. You are welcome to establish consensus on enwikiquote that accounts blocked for sockpuppetry on the English Wikipedia should also be blocked on enwikiquote and block them yourself. AntiCompositeNumber (talk) 03:45, 8 November 2022 (UTC)
Accounts aren't locked unless they've caused cross-wiki disruption (or belong to someone known to cause cross-wiki disruption). It's not used as a first resort, especially since different projects have different rules on what constitutes blockable sockpuppetry. GeneralNotability (talk) 00:08, 8 November 2022 (UTC)
So the policy is to wait until they've edited on other wikis? I don't understand this: if User X is abusing multiple accounts, then Sockpuppet Y, Sockpuppet Z, etc. shouldn't be editing Wikiquote and Wikibooks, etc. anyway. Am I wrong? ―Justin (koavf)❤T☮C☺M☯00:44, 8 November 2022 (UTC)
You are indeed wrong. Like I said, other projects have different rules on what constitutes blockable sockpuppetry. Further, a block on one project does not correspond to a block on all projects (for good reason!) and if User X has only edited enwiki, then there is no policy-based reason for Sock Y to not be able to edit enwikiquote or Sock Z not to be able to edit enwikiversity. GeneralNotability (talk) 01:10, 8 November 2022 (UTC)
Not many, commons sort of does. But local blocks don't necessitate global action unless there is cross-wiki abuse. We will not lock accounts whose actions do not necessitate a lock. Pursuing this further is a waste of time, that is not going to change. Vermont (🐿️—🏳️🌈) 03:55, 8 November 2022 (UTC)
Could you please focus on the original responses and not get sidetracked on which projects "allow or encourage" sockpuppets? That isn't even what I said in the first place, and is ignoring the main thrust of my response. GeneralNotability (talk) 22:43, 8 November 2022 (UTC)
I'm responding to what someone else wrote and I did respond to your above comment. What, in principle, would you like me to write? As you pointed out, global locks only occur after there has been cross-wiki abuse. Okay, noted. ―Justin (koavf)❤T☮C☺M☯22:47, 8 November 2022 (UTC)
It's impossible to overstate how problematic this would be. Stewards would be overwhelmed with request that are not within their purview. They would have no choice but to just start ignoring the flood of reports, accomplishing nothing. Beeblebrox (talk) 04:35, 8 November 2022 (UTC)
Levivich, practically speaking, if a block anywhere equated to a block everywhere, that would allow any project to dictate blocking policy for all the others. Policies differ - for example, enwiki disallows the use of the names of organizations as account names, while other projects allow that. Or paid editing - Commons does not require paid-editing disclosures, while other projects do. GeneralNotability (talk) 22:41, 8 November 2022 (UTC)
Thanks. I'm curious why you think that's a good reason. Why shouldn't we have one block policy for all projects? (You know, like a universal code of conduct...) What's the benefit of allowing projects to set differing local policies about behaviors that are serious enough to be blocked over? Particularly given the interdependence of projects, like en, commons, data, source, quote, wikt... I don't get why it's good that when someone is blocked here for, say, making stuff up, or harassment, or pretending to be multiple people in order to influence content, or whatever, they can just go off to wikidata or wherever and continue the problematic behavior there. To ask the converse of a question asked above: if someone is blocked on another wiki for socking, why would we want them editing at enwiki? The only reason I can think of is that we don't trust that the decisions made on other wikis are made well, and vice versa. Levivich (talk) 22:53, 8 November 2022 (UTC)
First of all - you're inverting what I said :) My comment was on the capacity of local policies having a global impact, not on whether we should have global policies. And even if we did have a global policy...I'd consider that to be a minimum, one which projects could build on top of. As for we don't trust that the decisions made on other wikis are made well, well...yes, decisions on other wikis are not always made well. They aren't always made well here, either! Also, consider - there's noshortageoftopics where other language Wikipedias might consider the enwiki version of the story to be "making stuff up"/disinformation (if memory serves, there are or have been versions of those linked articles on other languages where the unpleasantness was downplayed or caveated with things like "according to Western sources"). Do we want a block for not toeing the official narrative in those countries/languages to be global? GeneralNotability (talk) 00:27, 9 November 2022 (UTC)
Just because someone is disruptive in one place in one way does not mean that person cannot provide value elsewhere. E.g. someone fundamentally not understanding appropriate media uploads at c: is not necessarily someone who cannot write some good recipes at b:. ―Justin (koavf)❤T☮C☺M☯22:49, 8 November 2022 (UTC)
And, different projects may have fundamentally different views of what constitutes disruptive behavior. It's not hard to imagine a project which forbids editing on certain days of the year due to their religious significance, and blocks people who violate that rule. Would that be a good reason to also block them on enwiki? -- RoySmith(talk)23:27, 8 November 2022 (UTC)
Does that or something like that actually happen? I find it extremely hard to imagine. A WMF project closed for religious holiday? Levivich (talk) 23:32, 8 November 2022 (UTC)
"It's not hard to imagine a project which forbids editing on certain days of the year due to their religious significance" Wait, what? ―Justin (koavf)❤T☮C☺M☯00:14, 9 November 2022 (UTC)
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
Should administrators be desysopped for undoing a checkuser block?
The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
Many years ago, the arbcom reminded users that checkusers have access to hidden information most of us don't. while it's accepted that undoing an arbcom decision lead to desysopping arbcom editors are usually held in an official light given they're nominated by a more rigorous process than the run of the mill RFA where all editor can simply support or oppose the request. That being said I would like to clarify
are checkusers a subdivision of arbcom?
given that a checkuser block can be restore like any other edit, would it be more prudent to AGF on the part person who reversed the block and simply restore the block? hundreds of accounts get indeffed and all too often the creator of these accounts end up in a vicious cycle of sock/block they can't escape.
This a crazy RfC. Much of the English is imprecise and borders on incomprehensible. I don't see why we should we be wasting our time on such an ill-considered RfC.--Bbb23 (talk) 14:03, 7 July 2023 (UTC)
@Bbb23 Seems related to their Admin Review and ANI threads chasing after Daniel Case. I've left a comment at ANI. I'm just going to remove the RFC tag. This isn't even asking for a change to policy, just questioning it. -- ferret (talk) 14:23, 7 July 2023 (UTC)
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.
I'd say both. Show the stats while letting them see who is currently active. Better to know that someone who has been using it frequently is around right now than know one or the other. TonyBallioni (talk) 01:47, 29 September 2023 (UTC)
CheckUser VRT Role Account
Hi,
I’m not sure what would need to happen to set this up — or if it would be technically prohibitive — but I was wondering if it would be possible to set up a CheckUser role account, similar to User:Oversight, for the purpose of sending emails through Wikipedia to the CheckUser VRT queue.
My reason for asking this is because the email linked to my WP account is an anonymous one, which I can reply to emails sent to, but can’t initiate emails from that specific address directly (or at least, I don’t think I can). Therefore, if I sent an email from my email client to the CheckUser email address, it wouldn’t be able to be verified to my account; whereas one sent through the Wikipedia interface would be.
This is certainly possible from a technical standpoint. The Arbitration Committee is the entity that owns the User:Oversight role account, and they could pretty easily spin up a similar one for the CheckUser VRT queue—if you would like to see this happen, the best approach might be to reach out to an arbitrator directly to ask if they could raise it with their colleagues. The only thing I would call out is that the CheckUser VRT queue is not very actively monitored, and not all checkusers have access to it. On the other hand, I do think having a role account for Special:EmailUser access could be useful for things like WP:IPBE requests (probably the most common use of the queue), as it would definitively link the IPBE request with the requesting account. Mz7 (talk) 03:35, 5 November 2023 (UTC)
Notification of discussion at WT:AC/N regarding CU blocks
Are there any policies arround a cabal of individual users acting together to influece the bias of a wiki article? If they are coordinating their efforts, what differentiates this from a single user's sockpuppetry? Thank you for your time. 2600:8804:6600:4:BD84:27CE:9D3F:EBC5 (talk) 20:53, 9 January 2024 (UTC)
This is to notify you that on 17 January, h18:28, I sent a request for investigation to checkuser-en-wpATwikipedia.org, given that in a comment from November 2023 hereabove I read that the latter is not actively monitored.
