Revision as of 18:54, 18 December 2023 editA smart kitten (talk | contribs)Extended confirmed users, Rollbackers7,920 edits notify checkuser page of ongoing discussion regarding checkuser blocksTags: Mobile edit Mobile web edit Advanced mobile edit New topic← Previous edit | Latest revision as of 17:48, 18 November 2024 edit undoLowercase sigmabot III (talk | contribs)Bots, Template editors2,294,330 editsm Archiving 1 discussion(s) to Misplaced Pages talk:CheckUser/Archive 7) (bot | ||
(32 intermediate revisions by 17 users not shown) | |||
Line 12: | Line 12: | ||
}} | }} | ||
== Potential Checkuser involvement in ] == | |||
== CheckUser VRT Role Account == | |||
In the 2024 RFA review, ] in the Phase 2 of Admin recall involves Checkuser confirmation. Feedback from active CU would be appreciated on how feasible this would be. ] (]) 17:13, 11 May 2024 (UTC) | |||
Hi, | |||
== Transparency in the Checkuser Process == | |||
I’m not sure what would need to happen to set this up — or if it would be technically prohibitive — but I was wondering if it would be possible to set up a CheckUser role account, similar to ], for the purpose of sending emails through Misplaced Pages to the CheckUser VRT queue. | |||
The checkuser process is not open to auditing. From a technical perspective, there is no page to confirm that the checkuser process was performed because it likely involves not only the internal technical aspect handled by the MediaWiki tool but also a human element in analyzing user behavior patterns. I believe there should be a task list available that can at least ensure the technical checkuser was conducted and found no connection. It is not clear to me that it was done just because the administrator said so. I think this step is necessary to prevent human errors. ] (]) 23:12, 31 May 2024 (UTC) | |||
My reason for asking this is because the email linked to my WP account is an anonymous one, which I can reply to emails ''sent'' to, but can’t ''initiate'' emails from that specific address directly (or at least, I don’t think I can). Therefore, if I sent an email from my email client to the CheckUser email address, it wouldn’t be able to be verified to my account; whereas one sent through the Misplaced Pages interface would be. | |||
:@] that's not entirely true. The CU process can (and is) audited by other checkusers, both internal to enwiki and across projects via the ] (which I happen to be serving on at the moment). You are certainly correct, however, that non-checkusers have no direct visibility into the process; this is an area where preserving user privacy trumps transparency. ] ] 23:40, 31 May 2024 (UTC) | |||
Best, ] (]) 11:52, 1 September 2023 (UTC) | |||
::I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. ] (]) 23:51, 31 May 2024 (UTC) | |||
:::I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. ] ] 23:56, 31 May 2024 (UTC) | |||
::::I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- ] <sup>]</sup> 00:17, 1 June 2024 (UTC) | |||
:::::What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. ] (]) 12:47, 2 June 2024 (UTC) | |||
::::::On-demand reporting of checks can in fact reveal non-public data, for example closely linked accounts. It can also provide undesirable notice to a bad person that we're on to them. A lot of blocked sockpuppets might have no checks registered against their account. And a non-positive check result is very rarely a declaration of innocence. But basically checkusers are not going to say they've run a check when they haven't. They're just not. Why would they even? -- ] <sup>]</sup> 14:48, 2 June 2024 (UTC) | |||
== "]" listed at ] == | |||
] | |||
The redirect <span class="plainlinks"></span> has been listed at ] to determine whether its use and function meets the ]. Readers of this page are welcome to comment on this redirect at '''{{slink|Misplaced Pages:Redirects for discussion/Log/2024 July 5#CheckUser}}''' until a consensus is reached. <!-- Template:RFDNote --> ] (]) 06:40, 5 July 2024 (UTC) | |||
== Using CU template on talk pages? == | |||
:This is certainly possible from a technical standpoint. The Arbitration Committee is the entity that owns the ] role account, and they could pretty easily spin up a similar one for the CheckUser VRT queue—if you would like to see this happen, the best approach might be to reach out to an arbitrator directly to ask if they could raise it with their colleagues. The only thing I would call out is that the CheckUser VRT queue is not very actively monitored, and not all checkusers have access to it. On the other hand, I do think having a role account for ] access could be useful for things like ] requests (probably the most common use of the queue), as it would definitively link the IPBE request with the requesting account. ] (]) 03:35, 5 November 2023 (UTC) | |||
I have recently seen articles where there were very clearly cases of ] present. Might one invoke something like the <nowiki>{{checkuser needed}}</nowiki> template in such cases? Should one expect this to be followed up on? ... Or is '''privately''' reporting suspected IP socks (as opposed to an official SPI) ''always'' the best modus operandi? ] (]) 22:02, 5 September 2024 (UTC) | |||
== The "contacting a checkuser" section. == | |||
:As a matter of policy and practice, CUs do not publicly disclose the IP address an account is operating from (barring extremely exugent circumstances or incidental disclosure by users drawing inference from the block log) so using that template the way you describe is unlikely to result in a CU being able to assist. ] | ] 22:27, 5 September 2024 (UTC) | |||
Currently, it advises users to look at the "active users" list, which shows which user who happen to have CU bits have done literally anything lately, while ] shows who has been recently active ''as a CU''. Should we replace and/or just add a link to the stats? Thoughts? ] (]) 18:51, 28 September 2023 (UTC) | |||
::Thank you, @]. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? ] (]) 22:34, 5 September 2024 (UTC) | |||
:That makes sense to me. I'd go with prominently adding the stats, on the basis that more choice of information is good. -- ] <sup>]</sup> 21:23, 28 September 2023 (UTC) | |||
:::There are very few circumstances in which CUs will use their access to confirm that an IP and an account are the same, even for themselves. Mostly because it's not necessary. If it's obvious enough to investigate, it should be obvious enough for a block. Just file an SPI but without a CU request. Or if there's active, ongoing disruption use AIV. ] | ] 23:11, 5 September 2024 (UTC) | |||
:I'd say both. Show the stats while letting them see who is currently active. Better to know that someone who has been using it frequently is around right now than know one or the other. ] (]) 01:47, 29 September 2023 (UTC) | |||
== Device fingerprint == | |||
==Notification of discussion at WT:AC/N regarding CU blocks== | |||
] You are invited to join the discussion at ].  Best, ‍—‍]<sub>]]</sub> 18:54, 18 December 2023 (UTC)<!-- ] --> | |||
Do CUs have access to ] data? -- ] (]) (PING me) 18:49, 17 November 2024 (UTC) | |||
:What we have is described at ] ] ] 18:53, 17 November 2024 (UTC) |
Latest revision as of 17:48, 18 November 2024
The project page associated with this talk page is an official policy on Misplaced Pages. Policies have wide acceptance among editors and are considered a standard for all users to follow. Please review policy editing recommendations before making any substantive change to this page. Always remember to keep cool when editing, and don't panic. | Shortcuts |
Text and/or other creative content from this version of Misplaced Pages:User access levels was copied or moved into Misplaced Pages:CheckUser with this edit on 10 January 2017. The former page's history now serves to provide attribution for that content in the latter page, and it must not be deleted as long as the latter page exists. |
Archives | |||||||
|
|||||||
This page has archives. Sections older than 180 days may be automatically archived by Lowercase sigmabot III when more than 5 sections are present. |
Potential Checkuser involvement in admin recall
In the 2024 RFA review, one of the subproposals in the Phase 2 of Admin recall involves Checkuser confirmation. Feedback from active CU would be appreciated on how feasible this would be. Soni (talk) 17:13, 11 May 2024 (UTC)
Transparency in the Checkuser Process
The checkuser process is not open to auditing. From a technical perspective, there is no page to confirm that the checkuser process was performed because it likely involves not only the internal technical aspect handled by the MediaWiki tool but also a human element in analyzing user behavior patterns. I believe there should be a task list available that can at least ensure the technical checkuser was conducted and found no connection. It is not clear to me that it was done just because the administrator said so. I think this step is necessary to prevent human errors. Wilfredor (talk) 23:12, 31 May 2024 (UTC)
- @Wilfredor that's not entirely true. The CU process can (and is) audited by other checkusers, both internal to enwiki and across projects via the Ombuds Commission (which I happen to be serving on at the moment). You are certainly correct, however, that non-checkusers have no direct visibility into the process; this is an area where preserving user privacy trumps transparency. RoySmith (talk) 23:40, 31 May 2024 (UTC)
- I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. Wilfredor (talk) 23:51, 31 May 2024 (UTC)
- I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. RoySmith (talk) 23:56, 31 May 2024 (UTC)
- I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- zzuuzz 00:17, 1 June 2024 (UTC)
- What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. Wilfredor (talk) 12:47, 2 June 2024 (UTC)
- On-demand reporting of checks can in fact reveal non-public data, for example closely linked accounts. It can also provide undesirable notice to a bad person that we're on to them. A lot of blocked sockpuppets might have no checks registered against their account. And a non-positive check result is very rarely a declaration of innocence. But basically checkusers are not going to say they've run a check when they haven't. They're just not. Why would they even? -- zzuuzz 14:48, 2 June 2024 (UTC)
- What I propose is an automated tool that confirms the execution of the checkuser without revealing any private data. Even though there is a group of checkusers verifying the process, this is not sufficient. For greater transparency, it should be publicly shown that the checkuser was indeed carried out and not merely a decision based on other factors. Wilfredor (talk) 12:47, 2 June 2024 (UTC)
- I believe it's technically OK to say that 'a checkuser' has checked something, that is, saying that a check was done without disclosing in any way which other party ran the check. The governing policy concerns 'non-public personal data'; if an account being checked is considered personal data then there's a whole load of people in trouble. There are numerous other potential problems with this proposal however, some of which would easily potentially violate privacy, others would potentially compromise effectiveness in combating disruption. -- zzuuzz 00:17, 1 June 2024 (UTC)
- I get the desire to know this, but even divulging that a check has been done (other than a checkuser talking about a check they did themselves) is considered a violation of the privacy policies. RoySmith (talk) 23:56, 31 May 2024 (UTC)
- I understand that other checkusers can authenticate themselves but I was talking about a more transparent automatic tool that will simply show that the technical evaluation was actually done, but available to everyone without giving details of how the tool or the automated technical evaluation works internally. Wilfredor (talk) 23:51, 31 May 2024 (UTC)
"CheckUser" listed at Redirects for discussion
The redirect CheckUser has been listed at redirects for discussion to determine whether its use and function meets the redirect guidelines. Readers of this page are welcome to comment on this redirect at Misplaced Pages:Redirects for discussion/Log/2024 July 5 § CheckUser until a consensus is reached. Ahri Boy (talk) 06:40, 5 July 2024 (UTC)
Using CU template on talk pages?
I have recently seen articles where there were very clearly cases of WP:LOUTSOCK present. Might one invoke something like the {{checkuser needed}} template in such cases? Should one expect this to be followed up on? ... Or is privately reporting suspected IP socks (as opposed to an official SPI) always the best modus operandi? Biohistorian15 (talk) 22:02, 5 September 2024 (UTC)
- As a matter of policy and practice, CUs do not publicly disclose the IP address an account is operating from (barring extremely exugent circumstances or incidental disclosure by users drawing inference from the block log) so using that template the way you describe is unlikely to result in a CU being able to assist. HJ Mitchell | Penny for your thoughts? 22:27, 5 September 2024 (UTC)
- Thank you, @HJ Mitchell. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? Biohistorian15 (talk) 22:34, 5 September 2024 (UTC)
- There are very few circumstances in which CUs will use their access to confirm that an IP and an account are the same, even for themselves. Mostly because it's not necessary. If it's obvious enough to investigate, it should be obvious enough for a block. Just file an SPI but without a CU request. Or if there's active, ongoing disruption use AIV. HJ Mitchell | Penny for your thoughts? 23:11, 5 September 2024 (UTC)
- Thank you, @HJ Mitchell. Now, would reporting the details to one (or multiple; in case of urgency...) CUs via email be likely to result in an investigation? And are there any steps after one or multiple such users have not responded? Biohistorian15 (talk) 22:34, 5 September 2024 (UTC)
Device fingerprint
Do CUs have access to device fingerprint data? -- Valjean (talk) (PING me) 18:49, 17 November 2024 (UTC)
- What we have is described at mw:Extension:CheckUser RoySmith (talk) 18:53, 17 November 2024 (UTC)