| Revision as of 09:13, 8 October 2023 editJasper Deng (talk | contribs)Edit filter managers, Extended confirmed users, Pending changes reviewers, Rollbackers53,719 editsm Reverted edit by Lfernando18 (talk) to last version by TonyBallioniTag: Rollback← Previous edit | Latest revision as of 17:48, 18 November 2024 edit undoLowercase sigmabot III (talk | contribs)Bots, Template editors2,293,704 editsm Archiving 1 discussion(s) to Misplaced Pages talk:CheckUser/Archive 7) (bot | ||
| (37 intermediate revisions by 20 users not shown) | |||
| Line 12: | Line 12: | ||
| }} | }} | ||
| == Potential Checkuser involvement in ] == | |||
| ==Should administrators be desysopped for undoing a checkuser block?== | |||
| {{atop | |||
| | status = | |||
| | result = OP has been blocked. For those looking for the referenced thread, it's ] ] ] 16:41, 7 July 2023 (UTC) | |||
| }} | |||
| In the 2024 RFA review, ] in the Phase 2 of Admin recall involves Checkuser confirmation. Feedback from active CU would be appreciated on how feasible this would be. ] (]) 17:13, 11 May 2024 (UTC) | |||
| == Transparency in the Checkuser Process == | |||
| Many years ago, the arbcom reminded users that checkusers have access to hidden information most of us don't. while it's accepted that undoing an arbcom decision lead to desysopping arbcom editors are usually held in an official light given they're nominated by a more rigorous process than the run of the mill RFA where all editor can simply support or oppose the request. That being said I would like to clarify | |||
| #are checkusers a subdivision of arbcom? | |||
| #given that a checkuser block can be restore like any other edit, would it be more prudent to AGF on the part person who reversed the block and simply restore the block? hundreds of accounts get indeffed and all too often the creator of these accounts end up in a vicious cycle of sock/block they can't escape. | |||
| #how exactly would regular admin unblocking a checkuserblock undermine the site's integrity? ] (]) 13:52, 7 July 2023 (UTC) | |||
| :This a crazy RfC. Much of the English is imprecise and borders on incomprehensible. I don't see why we should we be wasting our time on such an ill-considered RfC.--] (]) 14:03, 7 July 2023 (UTC) | |||
| ::@] Seems related to their Admin Review and ANI threads chasing after Daniel Case. I've left a comment at ANI. I'm just going to remove the RFC tag. This isn't even asking for a change to policy, just questioning it. -- ] (]) 14:23, 7 July 2023 (UTC) | |||
| {{abot}} | |||
| The checkuser process is not open to auditing. From a technical perspective, there is no page to confirm that the checkuser process was performed because it likely involves not only the internal technical aspect handled by the MediaWiki tool but also a human element in analyzing user behavior patterns. I believe there should be a task list available that can at least ensure the technical checkuser was conducted and found no connection. It is not clear to me that it was done just because the administrator said so. I think this step is necessary to prevent human errors. ] (]) 23:12, 31 May 2024 (UTC) | |||
| == CheckUser VRT Role Account == | |||
| :@] that's not entirely true. The CU process can (and is) audited by other checkusers, both internal to enwiki and across projects via the ] (which I happen to be serving on at the moment). You are certainly correct, however, that non-checkusers have no direct visibility into the process; this is an area where preserving user privacy trumps transparency. ] ] 23:40, 31 May 2024 (UTC) | |||
| Hi, | |||
| ::I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. ] (]) 23:51, 31 May 2024 (UTC) | |||
| :::I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. ] ] 23:56, 31 May 2024 (UTC) | |||
| ::::I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- ] <sup>]</sup> 00:17, 1 June 2024 (UTC) | |||
| :::::What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. ] (]) 12:47, 2 June 2024 (UTC) | |||
| ::::::On-demand reporting of checks can in fact reveal non-public data, for example closely linked accounts. It can also provide undesirable notice to a bad person that we're on to them. A lot of blocked sockpuppets might have no checks registered against their account. And a non-positive check result is very rarely a declaration of innocence. But basically checkusers are not going to say they've run a check when they haven't. They're just not. Why would they even? -- ] <sup>]</sup> 14:48, 2 June 2024 (UTC) | |||
| == "]" listed at ] == | |||
| ] | |||
| The redirect <span class="plainlinks"></span> has been listed at ] to determine whether its use and function meets the ]. Readers of this page are welcome to comment on this redirect at '''{{slink|Misplaced Pages:Redirects for discussion/Log/2024 July 5#CheckUser}}''' until a consensus is reached. <!-- Template:RFDNote --> ] (]) 06:40, 5 July 2024 (UTC) | |||
| == Using CU template on talk pages? == | |||
| I’m not sure what would need to happen to set this up — or if it would be technically prohibitive — but I was wondering if it would be possible to set up a CheckUser role account, similar to ], for the purpose of sending emails through Misplaced Pages to the CheckUser VRT queue. | |||
| I have recently seen articles where there were very clearly cases of ] present. Might one invoke something like the <nowiki>{{checkuser needed}}</nowiki> template in such cases? Should one expect this to be followed up on? ... Or is '''privately''' reporting suspected IP socks (as opposed to an official SPI) ''always'' the best modus operandi? ] (]) 22:02, 5 September 2024 (UTC) | |||
| My reason for asking this is because the email linked to my WP account is an anonymous one, which I can reply to emails ''sent'' to, but can’t ''initiate'' emails from that specific address directly (or at least, I don’t think I can). Therefore, if I sent an email from my email client to the CheckUser email address, it wouldn’t be able to be verified to my account; whereas one sent through the Misplaced Pages interface would be. | |||
| :As a matter of policy and practice, CUs do not publicly disclose the IP address an account is operating from (barring extremely exugent circumstances or incidental disclosure by users drawing inference from the block log) so using that template the way you describe is unlikely to result in a CU being able to assist. ] | ] 22:27, 5 September 2024 (UTC) | |||
| Best, ] (]) 11:52, 1 September 2023 (UTC) | |||
| ::Thank you, @]. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? ] (]) 22:34, 5 September 2024 (UTC) | |||
| :::There are very few circumstances in which CUs will use their access to confirm that an IP and an account are the same, even for themselves. Mostly because it's not necessary. If it's obvious enough to investigate, it should be obvious enough for a block. Just file an SPI but without a CU request. Or if there's active, ongoing disruption use AIV. ] | ] 23:11, 5 September 2024 (UTC) | |||
| == Device fingerprint == | |||
| == The "contacting a checkuser" section. == | |||
| Do CUs have access to ] data? -- ] (]) (PING me) 18:49, 17 November 2024 (UTC) | |||
| Currently, it advises users to look at the "active users" list, which shows which user who happen to have CU bits have done literally anything lately, while ] shows who has been recently active ''as a CU''. Should we replace and/or just add a link to the stats? Thoughts? ] (]) 18:51, 28 September 2023 (UTC) | |||
| :That makes sense to me. I'd go with prominently adding the stats, on the basis that more choice of information is good. -- ] <sup>]</sup> 21:23, 28 September 2023 (UTC) | |||
| :What we have is described at ] ] ] 18:53, 17 November 2024 (UTC) | |||
| :I'd say both. Show the stats while letting them see who is currently active. Better to know that someone who has been using it frequently is around right now than know one or the other. ] (]) 01:47, 29 September 2023 (UTC) | |||
Latest revision as of 17:48, 18 November 2024
 | The project page associated with this talk page is an official policy on Misplaced Pages. Policies have wide acceptance among editors and are considered a standard for all users to follow. Please review policy editing recommendations before making any substantive change to this page. Always remember to keep cool when editing, and don't panic. | Shortcuts |
 | Text and/or other creative content from this version of Misplaced Pages:User access levels was copied or moved into Misplaced Pages:CheckUser with this edit on 10 January 2017. The former page's history now serves to provide attribution for that content in the latter page, and it must not be deleted as long as the latter page exists. |
 Archives | |||||||
|
|||||||
|
This page has archives. Sections older than 180 days may be automatically archived by Lowercase sigmabot III when more than 5 sections are present. |
Potential Checkuser involvement in admin recall
In the 2024 RFA review, one of the subproposals in the Phase 2 of Admin recall involves Checkuser confirmation. Feedback from active CU would be appreciated on how feasible this would be. Soni (talk) 17:13, 11 May 2024 (UTC)
Transparency in the Checkuser Process
The checkuser process is not open to auditing. From a technical perspective, there is no page to confirm that the checkuser process was performed because it likely involves not only the internal technical aspect handled by the MediaWiki tool but also a human element in analyzing user behavior patterns. I believe there should be a task list available that can at least ensure the technical checkuser was conducted and found no connection. It is not clear to me that it was done just because the administrator said so. I think this step is necessary to prevent human errors. Wilfredor (talk) 23:12, 31 May 2024 (UTC)
- @Wilfredor that's not entirely true. The CU process can (and is) audited by other checkusers, both internal to enwiki and across projects via the Ombuds Commission (which I happen to be serving on at the moment). You are certainly correct, however, that non-checkusers have no direct visibility into the process; this is an area where preserving user privacy trumps transparency. RoySmith (talk) 23:40, 31 May 2024 (UTC)
- I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. Wilfredor (talk) 23:51, 31 May 2024 (UTC)
- I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. RoySmith (talk) 23:56, 31 May 2024 (UTC)
- I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- zzuuzz 00:17, 1 June 2024 (UTC)
- What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. Wilfredor (talk) 12:47, 2 June 2024 (UTC)
- On-demand reporting of checks can in fact reveal non-public data, for example closely linked accounts. It can also provide undesirable notice to a bad person that we're on to them. A lot of blocked sockpuppets might have no checks registered against their account. And a non-positive check result is very rarely a declaration of innocence. But basically checkusers are not going to say they've run a check when they haven't. They're just not. Why would they even? -- zzuuzz 14:48, 2 June 2024 (UTC)
- What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. Wilfredor (talk) 12:47, 2 June 2024 (UTC)
- I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- zzuuzz 00:17, 1 June 2024 (UTC)
- I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. RoySmith (talk) 23:56, 31 May 2024 (UTC)
- I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. Wilfredor (talk) 23:51, 31 May 2024 (UTC)
"CheckUser" listed at Redirects for discussion
The redirect CheckUser has been listed at redirects for discussion to determine whether its use and function meets the redirect guidelines. Readers of this page are welcome to comment on this redirect at Misplaced Pages:Redirects for discussion/Log/2024 July 5 § CheckUser until a consensus is reached. Ahri Boy (talk) 06:40, 5 July 2024 (UTC)
Using CU template on talk pages?
I have recently seen articles where there were very clearly cases of WP:LOUTSOCK present. Might one invoke something like the {{checkuser needed}} template in such cases? Should one expect this to be followed up on? ... Or is privately reporting suspected IP socks (as opposed to an official SPI) always the best modus operandi? Biohistorian15 (talk) 22:02, 5 September 2024 (UTC)
- As a matter of policy and practice, CUs do not publicly disclose the IP address an account is operating from (barring extremely exugent circumstances or incidental disclosure by users drawing inference from the block log) so using that template the way you describe is unlikely to result in a CU being able to assist. HJ Mitchell | Penny for your thoughts? 22:27, 5 September 2024 (UTC)
- Thank you, @HJ Mitchell. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? Biohistorian15 (talk) 22:34, 5 September 2024 (UTC)
- There are very few circumstances in which CUs will use their access to confirm that an IP and an account are the same, even for themselves. Mostly because it's not necessary. If it's obvious enough to investigate, it should be obvious enough for a block. Just file an SPI but without a CU request. Or if there's active, ongoing disruption use AIV. HJ Mitchell | Penny for your thoughts? 23:11, 5 September 2024 (UTC)
- Thank you, @HJ Mitchell. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? Biohistorian15 (talk) 22:34, 5 September 2024 (UTC)
Device fingerprint
Do CUs have access to device fingerprint data? -- Valjean (talk) (PING me) 18:49, 17 November 2024 (UTC)
- What we have is described at mw:Extension:CheckUser RoySmith (talk) 18:53, 17 November 2024 (UTC)