Misplaced Pages

talk:CheckUser: Difference between revisions - Misplaced Pages

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editContent deleted Content addedVisualWikitext
Revision as of 09:13, 8 October 2023 editLfernando18 (talk | contribs)2 edits javascript: new sectionTags: Reverted Mobile edit Mobile web edit← Previous edit Latest revision as of 17:48, 18 November 2024 edit undoLowercase sigmabot III (talk | contribs)Bots, Template editors2,293,704 editsm Archiving 1 discussion(s) to Misplaced Pages talk:CheckUser/Archive 7) (bot 
(38 intermediate revisions by 21 users not shown)
Line 12: Line 12:
}} }}


== Potential Checkuser involvement in ] ==
==Should administrators be desysopped for undoing a checkuser block?==
{{atop
| status =
| result = OP has been blocked. For those looking for the referenced thread, it's ] ] ] 16:41, 7 July 2023 (UTC)
}}


In the 2024 RFA review, ] in the Phase 2 of Admin recall involves Checkuser confirmation. Feedback from active CU would be appreciated on how feasible this would be. ] (]) 17:13, 11 May 2024 (UTC)


== Transparency in the Checkuser Process ==
Many years ago, the arbcom reminded users that checkusers have access to hidden information most of us don't. while it's accepted that undoing an arbcom decision lead to desysopping arbcom editors are usually held in an official light given they're nominated by a more rigorous process than the run of the mill RFA where all editor can simply support or oppose the request. That being said I would like to clarify
#are checkusers a subdivision of arbcom?
#given that a checkuser block can be restore like any other edit, would it be more prudent to AGF on the part person who reversed the block and simply restore the block? hundreds of accounts get indeffed and all too often the creator of these accounts end up in a vicious cycle of sock/block they can't escape.
#how exactly would regular admin unblocking a checkuserblock undermine the site's integrity? ] (]) 13:52, 7 July 2023 (UTC)
:This a crazy RfC. Much of the English is imprecise and borders on incomprehensible. I don't see why we should we be wasting our time on such an ill-considered RfC.--] (]) 14:03, 7 July 2023 (UTC)
::@] Seems related to their Admin Review and ANI threads chasing after Daniel Case. I've left a comment at ANI. I'm just going to remove the RFC tag. This isn't even asking for a change to policy, just questioning it. -- ] (]) 14:23, 7 July 2023 (UTC)
{{abot}}


The checkuser process is not open to auditing. From a technical perspective, there is no page to confirm that the checkuser process was performed because it likely involves not only the internal technical aspect handled by the MediaWiki tool but also a human element in analyzing user behavior patterns. I believe there should be a task list available that can at least ensure the technical checkuser was conducted and found no connection. It is not clear to me that it was done just because the administrator said so. I think this step is necessary to prevent human errors. ] (]) 23:12, 31 May 2024 (UTC)
== CheckUser VRT Role Account ==


:@] that's not entirely true. The CU process can (and is) audited by other checkusers, both internal to enwiki and across projects via the ] (which I happen to be serving on at the moment). You are certainly correct, however, that non-checkusers have no direct visibility into the process; this is an area where preserving user privacy trumps transparency. ] ] 23:40, 31 May 2024 (UTC)
Hi,
::I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. ] (]) 23:51, 31 May 2024 (UTC)
:::I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. ] ] 23:56, 31 May 2024 (UTC)
::::I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- ] <sup>]</sup> 00:17, 1 June 2024 (UTC)
:::::What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. ] (]) 12:47, 2 June 2024 (UTC)
::::::On-demand reporting of checks can in fact reveal non-public data, for example closely linked accounts. It can also provide undesirable notice to a bad person that we're on to them. A lot of blocked sockpuppets might have no checks registered against their account. And a non-positive check result is very rarely a declaration of innocence. But basically checkusers are not going to say they've run a check when they haven't. They're just not. Why would they even? -- ] <sup>]</sup> 14:48, 2 June 2024 (UTC)
== "]" listed at ] ==
]
The redirect <span class="plainlinks"></span> has been listed at ] to determine whether its use and function meets the ]. Readers of this page are welcome to comment on this redirect at '''{{slink|Misplaced Pages:Redirects for discussion/Log/2024 July 5#CheckUser}}''' until a consensus is reached. <!-- Template:RFDNote --> ] (]) 06:40, 5 July 2024 (UTC)


== Using CU template on talk pages? ==
I’m not sure what would need to happen to set this up — or if it would be technically prohibitive — but I was wondering if it would be possible to set up a CheckUser role account, similar to ], for the purpose of sending emails through Misplaced Pages to the CheckUser VRT queue.


I have recently seen articles where there were very clearly cases of ] present. Might one invoke something like the <nowiki>{{checkuser needed}}</nowiki> template in such cases? Should one expect this to be followed up on? ... Or is '''privately''' reporting suspected IP socks (as opposed to an official SPI) ''always'' the best modus operandi? ] (]) 22:02, 5 September 2024 (UTC)
My reason for asking this is because the email linked to my WP account is an anonymous one, which I can reply to emails ''sent'' to, but can’t ''initiate'' emails from that specific address directly (or at least, I don’t think I can). Therefore, if I sent an email from my email client to the CheckUser email address, it wouldn’t be able to be verified to my account; whereas one sent through the Misplaced Pages interface would be.


:As a matter of policy and practice, CUs do not publicly disclose the IP address an account is operating from (barring extremely exugent circumstances or incidental disclosure by users drawing inference from the block log) so using that template the way you describe is unlikely to result in a CU being able to assist. ] &#124; ] 22:27, 5 September 2024 (UTC)
Best, ] (]) 11:52, 1 September 2023 (UTC)
::Thank you, @]. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? ] (]) 22:34, 5 September 2024 (UTC)
:::There are very few circumstances in which CUs will use their access to confirm that an IP and an account are the same, even for themselves. Mostly because it's not necessary. If it's obvious enough to investigate, it should be obvious enough for a block. Just file an SPI but without a CU request. Or if there's active, ongoing disruption use AIV. ] &#124; ] 23:11, 5 September 2024 (UTC)


== Device fingerprint ==
== The "contacting a checkuser" section. ==


Do CUs have access to ] data? -- ] (]) (PING me) 18:49, 17 November 2024 (UTC)
Currently, it advises users to look at the "active users" list, which shows which user who happen to have CU bits have done literally anything lately, while ] shows who has been recently active ''as a CU''. Should we replace and/or just add a link to the stats? Thoughts? ] (]) 18:51, 28 September 2023 (UTC)
:That makes sense to me. I'd go with prominently adding the stats, on the basis that more choice of information is good. -- ] <sup>]</sup> 21:23, 28 September 2023 (UTC)
:I'd say both. Show the stats while letting them see who is currently active. Better to know that someone who has been using it frequently is around right now than know one or the other. ] (]) 01:47, 29 September 2023 (UTC)


:What we have is described at ] ] ] 18:53, 17 November 2024 (UTC)
== javascript ==


{{Short description|High-level programming language}}
{{Distinguish|Java (programming language)|Javanese script|ECMAScript}}
{{Redirect|.js|the Microsoft dialect used in Internet Explorer|JScript|}}
{{For|the uses of JavaScript on Misplaced Pages|Misplaced Pages:WikiProject JavaScript|selfref=yes}}
{{pp-pc|small=yes}}

{{Infobox programming language
| name = JavaScript
| logo = <!-- Do not add the unofficial logo, per ] -->
| logo alt =
| screenshot = JavaScript code.png
| screenshot caption = Screenshot of JavaScript source code
| paradigm = ]: ], ], ], ], ]
| designer = ] of ] initially; others have also contributed to the ] standard
| typing = ], ], ]
| implementations = ], ], ], ]
| influenced = ], ], ], ], ], ], ], ]
| license =
| file extensions = {{flatlist|
* <code>.js</code>
* <code>.cjs</code>
* <code>.mjs</code><ref name="node.js ECMAScript Modules Specification">{{cite web|url=https://github.com/nodejs/node-eps/blob/master/002-es-modules.md|title=nodejs/node-eps|website=GitHub|access-date=2018-07-05|archive-date=2020-08-29|archive-url=https://web.archive.org/web/20200829024713/https://github.com/nodejs/node-eps/blob/master/002-es-modules.md|url-status=live}}</ref>
}}
| file format =
| wikibooks = JavaScript
| year = {{start date and age|1995|12|4}}<ref name="press_release">{{Cite press release |url=https://wp.netscape.com/newsref/pr/newsrelease67.html |archive-url=https://web.archive.org/web/20070916144913/https://wp.netscape.com/newsref/pr/newsrelease67.html |archive-date=2007-09-16 |title=Netscape and Sun announce JavaScript, the Open, Cross-platform Object Scripting Language for Enterprise Networks and the Internet |date=December 4, 1995}}</ref>
| latest release version = {{wikidata|property|edit|reference|P548=Q2804309|P348}}
| latest release date = {{start date and age|{{wikidata|qualifier|single|P548=Q2804309|P348|P577}}}}
| latest preview version = {{wikidata|property|edit|reference|P548=Q51930650|P348}}
| latest preview date = {{start date and age|{{wikidata|qualifier|single|P548=Q51930650|P348|P577}}}}
| influenced by = ],<ref name="looklikejava">{{cite book|last=Seibel|first=Peter|title=Coders at Work: Reflections on the Craft of Programming|isbn=9781430219484|quote="Eich: The immediate concern at Netscape was it must look like Java."|url=https://books.google.com/books?id=nneBa6-mWfgC&q=The+immediate+concern+at+Netscape+was+it+must+look+like+Java.&pg=PA141|access-date=December 25, 2018|date=September 16, 2009|archive-date=December 24, 2020|archive-url=https://web.archive.org/web/20201224233514/https://books.google.com/books?id=nneBa6-mWfgC&q=The+immediate+concern+at+Netscape+was+it+must+look+like+Java.&pg=PA141|url-status=live}}</ref><ref name="origin"/> ],<ref name="origin"/> ],<ref>{{cite web|url=https://brendaneich.com/2008/04/popularity/|title = Popularity – Brendan Eich}}</ref> ],<ref>{{cite web|title=Brendan Eich: An Introduction to JavaScript, JSConf 2010|website=]|quote="Eich: "function", eight letters, I was influenced by AWK."|url=https://www.youtube.com/watch?v=1EyRscXrehw|access-date=November 25, 2019|page=22m|archive-date=August 29, 2020|archive-url=https://web.archive.org/web/20200829024704/https://www.youtube.com/watch?v=1EyRscXrehw|url-status=live}}</ref> ]<ref>{{cite book |last=Eich |first=Brendan |authorlink1=Brendan Eich |chapter=Foreword |editor1-last=Goodman |editor1-first=Danny |editor1-link=Danny Goodman |year=1998 |title=JavaScript Bible |edition=3rd |publisher=] |isbn=0-7645-3188-3 |lccn=97078208 |oclc=38888873 |ol=712205M |url-access=registration |url=https://archive.org/details/javascriptbible000good}}</ref>
| website = {{URL|https://ecma-international.org/publications-and-standards/standards/ecma-262/}}
}}

'''JavaScript''' ({{IPAc-en|ˈ|dʒ|ɑː|v|ə|s|k|r|ɪ|p|t}}), often abbreviated as '''JS''', is a ] that is one of the core technologies of the ], alongside ] and ]. {{as of|2023}}, 98.7% of ]s use JavaScript on the ] side for ] behavior,<ref>{{Cite web |title=Usage Statistics of JavaScript as Client-side Programming Language on Websites, July 2023 |url=https://w3techs.com/technologies/details/cp-javascript |access-date=2023-07-02 |website=w3techs.com}}</ref> often incorporating third-party ]. All major ]s have a dedicated ] to execute the ] on ]' devices.

JavaScript is a ], often ] language that conforms to the ] standard.<ref name="tc39">{{cite web|title=ECMAScript® 2020 Language Specification|url=https://tc39.es/ecma262/#sec-overview|url-status=live|archive-url=https://web.archive.org/web/20200508053013/https://tc39.es/ecma262/#sec-overview|archive-date=2020-05-08|access-date=2020-05-08}}</ref> It has ], ] ], and ]s. It is ], supporting ], ], and ] ]s. It has ]s (APIs) for working with text, dates, ]s, standard ]s, and the ] (DOM).

The ECMAScript standard does not include any ] (I/O), such as ], ], or ] facilities. In practice, the web browser or other ] provides JavaScript APIs for I/O.

] were originally used only in web browsers, but are now core components of some ] and a variety of ]. The most popular ] for this usage is ].

Although ] and JavaScript are similar in name, ], and respective ], the two languages are distinct and differ greatly in design.

Return to JavaScript.


Misplaced Pages
Privacy policy Terms of UseDesktop

Latest revision as of 17:48, 18 November 2024

The project page associated with this talk page is an official policy on Misplaced Pages. Policies have wide acceptance among editors and are considered a standard for all users to follow. Please review policy editing recommendations before making any substantive change to this page. Always remember to keep cool when editing, and don't panic.Shortcuts
Text and/or other creative content from this version of Misplaced Pages:User access levels was copied or moved into Misplaced Pages:CheckUser with this edit on 10 January 2017. The former page's history now serves to provide attribution for that content in the latter page, and it must not be deleted as long as the latter page exists.

Archives
Archive 1Archive 2Archive 3
Archive 4Archive 5Archive 6
Archive 7

This page has archives. Sections older than 180 days may be automatically archived by Lowercase sigmabot III when more than 5 sections are present.

Potential Checkuser involvement in admin recall

In the 2024 RFA review, one of the subproposals in the Phase 2 of Admin recall involves Checkuser confirmation. Feedback from active CU would be appreciated on how feasible this would be. Soni (talk) 17:13, 11 May 2024 (UTC)

Transparency in the Checkuser Process

The checkuser process is not open to auditing. From a technical perspective, there is no page to confirm that the checkuser process was performed because it likely involves not only the internal technical aspect handled by the MediaWiki tool but also a human element in analyzing user behavior patterns. I believe there should be a task list available that can at least ensure the technical checkuser was conducted and found no connection. It is not clear to me that it was done just because the administrator said so. I think this step is necessary to prevent human errors. Wilfredor (talk) 23:12, 31 May 2024 (UTC)

@Wilfredor that's not entirely true. The CU process can (and is) audited by other checkusers, both internal to enwiki and across projects via the Ombuds Commission (which I happen to be serving on at the moment). You are certainly correct, however, that non-checkusers have no direct visibility into the process; this is an area where preserving user privacy trumps transparency. RoySmith (talk) 23:40, 31 May 2024 (UTC)
I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. Wilfredor (talk) 23:51, 31 May 2024 (UTC)
I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. RoySmith (talk) 23:56, 31 May 2024 (UTC)
I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- zzuuzz 00:17, 1 June 2024 (UTC)
What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. Wilfredor (talk) 12:47, 2 June 2024 (UTC)
On-demand reporting of checks can in fact reveal non-public data, for example closely linked accounts. It can also provide undesirable notice to a bad person that we're on to them. A lot of blocked sockpuppets might have no checks registered against their account. And a non-positive check result is very rarely a declaration of innocence. But basically checkusers are not going to say they've run a check when they haven't. They're just not. Why would they even? -- zzuuzz 14:48, 2 June 2024 (UTC)

"CheckUser" listed at Redirects for discussion

The redirect CheckUser has been listed at redirects for discussion to determine whether its use and function meets the redirect guidelines. Readers of this page are welcome to comment on this redirect at Misplaced Pages:Redirects for discussion/Log/2024 July 5 § CheckUser until a consensus is reached. Ahri Boy (talk) 06:40, 5 July 2024 (UTC)

Using CU template on talk pages?

I have recently seen articles where there were very clearly cases of WP:LOUTSOCK present. Might one invoke something like the {{checkuser needed}} template in such cases? Should one expect this to be followed up on? ... Or is privately reporting suspected IP socks (as opposed to an official SPI) always the best modus operandi? Biohistorian15 (talk) 22:02, 5 September 2024 (UTC)

As a matter of policy and practice, CUs do not publicly disclose the IP address an account is operating from (barring extremely exugent circumstances or incidental disclosure by users drawing inference from the block log) so using that template the way you describe is unlikely to result in a CU being able to assist. HJ Mitchell | Penny for your thoughts? 22:27, 5 September 2024 (UTC)
Thank you, @HJ Mitchell. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? Biohistorian15 (talk) 22:34, 5 September 2024 (UTC)
There are very few circumstances in which CUs will use their access to confirm that an IP and an account are the same, even for themselves. Mostly because it's not necessary. If it's obvious enough to investigate, it should be obvious enough for a block. Just file an SPI but without a CU request. Or if there's active, ongoing disruption use AIV. HJ Mitchell | Penny for your thoughts? 23:11, 5 September 2024 (UTC)

Device fingerprint

Do CUs have access to device fingerprint data? -- Valjean (talk) (PING me) 18:49, 17 November 2024 (UTC)

What we have is described at mw:Extension:CheckUser RoySmith (talk) 18:53, 17 November 2024 (UTC)