Wikipedia:Bureaucrats' noticeboard: Difference between revisions

Source: Wikipedia, the free encyclopedia.
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
→‎Request for reinstatement of sysop rights: Arbitration Committee comment
Line 45: Line 45:
****Thank you for your patience, all. Please go ahead with the resysop. For the Arbitration Committee, [[User:GorillaWarfare|GorillaWarfare]] <small>[[User talk:GorillaWarfare|(talk)]]</small> 19:54, 13 June 2015 (UTC)
****Thank you for your patience, all. Please go ahead with the resysop. For the Arbitration Committee, [[User:GorillaWarfare|GorillaWarfare]] <small>[[User talk:GorillaWarfare|(talk)]]</small> 19:54, 13 June 2015 (UTC)


*Since no further information or guidance has been provided by the committee and from my understanding of the events, there has been no negligence or carelessness on the part of Kevin Gorman as regards account security (indeed it was responsible and appropriate to self-request the removal of the tools as a precautionary measure), I will restore his administrator privileges after another 12 hours or so. –[[User:xeno|<b style="font-family:verdana;color:#000">xeno</b>]][[user talk:xeno|<sup style="color:#000">talk</sup>]] 23:50, 13 June 2015 (UTC)
=== Request for reinstatement of sysop rights (discussion) ===
=== Request for reinstatement of sysop rights (discussion) ===
{{archive top|(NAC) Invoking [[WP:IAR]] (and on the advice of a current arbitrator and 2 previous arbitrators) this discussion is suspended pending an official statement from ArbCom. [[User:Hasteur|Hasteur]] ([[User talk:Hasteur|talk]]) 22:23, 11 June 2015 (UTC)}}
{{archive top|(NAC) Invoking [[WP:IAR]] (and on the advice of a current arbitrator and 2 previous arbitrators) this discussion is suspended pending an official statement from ArbCom. [[User:Hasteur|Hasteur]] ([[User talk:Hasteur|talk]]) 22:23, 11 June 2015 (UTC)}}

Revision as of 23:51, 13 June 2015
    Bureaucrat tasks
    To contact bureaucrats to alert them of an urgent issue, please post below.
    For sensitive matters, you may contact an individual bureaucrat directly by e-mail.
    You may use this tool to locate recently active bureaucrats.
    Shortcuts

    The Bureaucrats' noticeboard is a place where items related to the Bureaucrats can be discussed and coordinated. Any user is welcome to leave a message or join the discussion here. Please start a new section for each topic.

    This is not a forum for grievances. It is a specific noticeboard addressing Bureaucrat-related issues. If you want to know more about an action by a particular bureaucrat, you should first raise the matter with them on their talk page. Please stay on topic, remain civil, and remember to assume good faith. Take extraneous comments or threads to relevant talk pages.

    If you are here to report that an RFA or an RFB is "overdue" or "expired", please wait at least 12 hours from the scheduled end time before making a post here about it. There are a fair number of active bureaucrats; and an eye is being kept on the time remaining on these discussions. Thank you for your patience.

    To request that your administrator status be removed, initiate a new section below.

    Crat tasks
    RfAs 0
    RfBs 0
    Overdue RfBs 0
    Overdue RfAs 0
    BRFAs 13
    Approved BRFAs 0
    Requests for
    bureaucratship update
    No current discussions. Recent RfAs, recent RfBs: (successful, unsuccessful)
    It is 02:28:58 on July 3, 2024, according to the server's time and date.


    Wikipedia:Arbitration/Requests/Case/Sockpuppet investigation block

    Pursuant to this decision of the Arbitration Committee, please remove admin tools from

    ping in reply) 17:42, 9 June 2015 (UTC)[reply
    ]

     Done Acalamari 18:43, 9 June 2015 (UTC)[reply]

    Bad RfA

    http://en.wikipedia.org/wiki/Wikipedia:Requests_for_adminship/habibisgreat

    Request for reinstatement of sysop rights

    Kevin Gorman (current rights · rights management · rights log (local) · rights log (global/meta) · block log)
     On hold pending comment from the Arbitration Committee (see Special:Diff/666496542; Special:Diff/666543382). –xenotalk 00:11, 12 June 2015 (UTC)[reply]

    Hi all - I'd like to request a reinstatement of my sysop rights. They were previously stripped (and my account blocked) after I had a technical compromise simultaneous to health issues that prevented me from immediately dealing with the technical isssue and requesting GorillaWarfare block my account, and have since locked down my system. I realize this is a slightly atypical situation, but feel that postinghere requesting reinstatement is likely to still be teh most transparent route. Kevin Gorman (talk) 14:44, 11 June 2015 (UTC)[reply]

    Hi Kevin. Not sure I've got this right, but it looks like you were desysopped just a week ago by an ArbCom representative. As such, I don't think we should resysop without ArbCom say-so. --Dweller (talk) 15:02, 11 June 2015 (UTC)[reply]
    Although performed at the behest of an arb member (and I would expect arb to be consulted before reinstating the rights,) they were removed at my own request (since I couldn't immediately secure my own accounts, I asked GW to take action.) Although I would expect arbcom to have input here, since they were removed at self-request and were not removed under a shade, it seemed more appropriate/transparent to request restoration and discussion here than through private lists. (GW is aware I posted here, as I imagine is the rest of arbcom by this point.) Kevin Gorman (talk) 15:14, 11 June 2015 (UTC)[reply]
    Kevin, as this request was made at the behest of an arb member, we will be waiting for an arb member to re-instate. WormTT(talk) 15:23, 11 June 2015 (UTC)[reply]
    I certainly expect the 'crats to wait on arbcom confirmation it's okay to and have no problem with it :) I just felt like it would be a little more in the wiki-way to place a request about it on a public board, rather than email arbcom-l and the crats lists independently. Realistically, I'm hoping it won't a particularly challenging discussion - I reached out once I knew an account had been compromised to prevent any damage to the wiki, asked for me rights to be stripped, and then remedied the situation as I could (which involved voluntary giving up of privs while not under the shadow of wrongdoing. In full disclosure, one of my blocks was challenged to ANI during this, but it was upheld.). Felt like BN was a better place for a discussion of restoration of rights not taken away under the shadow of wrongdoing than elsewrhere would've been, since it really is a 'crat matter. Kevin Gorman (talk) 15:47, 11 June 2015 (UTC)[reply]
    Seems sensible. Hopefully, they'll give us a quick answer. --Dweller (talk) 16:00, 11 June 2015 (UTC)[reply]
    Thanks, WTT. ArbCom is aware of this request and we are currently discussing it. Salvio Let's talk about it! 15:25, 11 June 2015 (UTC)[reply]

    (del/undel) 17:40, 4 June 2015 Addshore (talk | contribs | block) changed group membership for User:Kevin Gorman from edit filter manager, course campus volunteer, course coordinator, course instructor, course online volunteer and administrator to edit filter manager, course campus volunteer, course coordinator, course instructor and course online volunteer (Temporary desysop per private communication with the Arbitration Committee. GW)

    I've alerted GorillaWarfare to this, happy to follow Arbcom's instructions in this matter. WormTT(talk) 15:08, 11 June 2015 (UTC)[reply]
    Thanks for doing, that Worm That Turned. I should have thought of it in the first instance. --Dweller (talk) 15:38, 11 June 2015 (UTC)[reply]
    Slowly threading answers as I can, but yes, we certainly can. I'm more than willing to voice/video/verify with Keilana (a well-regarded admin,) Molly (a current arbcom member,) NF (a current arbcom member, and any number of WMF'ers who have met me in person. Threading in replies one by one to avoid complex edit conflicts. Kevin Gorman (talk) 21:50, 11 June 2015 (UTC)[reply]
    Great, thank you. –xenotalk 23:44, 11 June 2015 (UTC)[reply]
    Marked 'on hold' while awaiting response from the committee. –xenotalk 00:11, 12 June 2015 (UTC)[reply]
    • In the discussion below, it was pointed out that the Wikipedia:Administrators#Security policy since 2008 (and not modified following a 2013 RFC) asks bureaucrats to consider while evaluating such requests "their view on the incident and the management and security (including likely future security) of the account."

      Without comment on the propriety of this policy section, at this moment I don't feel I have enough information to properly consider your request as suggested; and while things may become clearer with further response from the committee (and the request is on hold at least until then anyway), perhaps you could describe the circumstances surrounding the compromised account and steps you've taken to re-secure your account both now and in the future? You could do this here, via Special:EmailUser/Bureaucrats or even directly to Special:EmailUser/Xeno if you prefer not to email the list (though other bureaucrats might also request the same disclosure from you). –xenotalk 00:59, 12 June 2015 (UTC)[reply]
      • I forwarded significantly more details to Xeno. In my mind, this was less of a breach than an average editathon, let alone Wikimania-type event. I trust Xeno's judgment as to who further disclose to. I don't think any realistic evaluation of what happened here has it any more a danger than an average editathon. Disclosure of OPSEC related events is something to be encouraged, not discouraged. I've had least one person in a position where they could actually do so suggest the possibility of an additional week long full block which would be entirely punitive in nature. Kevin Gorman (talk) 03:26, 12 June 2015 (UTC)[reply]
    • Since no further information or guidance has been provided by the committee and from my understanding of the events, there has been no negligence or carelessness on the part of Kevin Gorman as regards account security (indeed it was responsible and appropriate to self-request the removal of the tools as a precautionary measure), I will restore his administrator privileges after another 12 hours or so. –xenotalk 23:50, 13 June 2015 (UTC)[reply]

    Request for reinstatement of sysop rights (discussion)

    (NAC) Invoking
    WP:IAR (and on the advice of a current arbitrator and 2 previous arbitrators) this discussion is suspended pending an official statement from ArbCom. Hasteur (talk) 22:23, 11 June 2015 (UTC)[reply
    ]

    The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

    Your first edit being here is suspicious. What do you have against this user?
    (talk) 18:28, 11 June 2015 (UTC)[reply
    ]
    Have you previously edited under other IPs? As a user? I don't have proof that you have, but the fact that you make your first edit an "oppose" to this user having his sysop rights restored casts some serious doubt.
    (talk) 18:29, 11 June 2015 (UTC)[reply
    ]
    The correct question would be - 'what do you have against admins who get their accounts compromised having their admin access restored like it's nothing'. I don't think it's worth asking though. As for your other questions, they belong on my talk page, not here. 72.88.208.18 (talk) 18:36, 11 June 2015 (UTC)[reply]
    (edit conflict) Being an admin or not has nothing to do with, for example, getting by our home broken into and your laptop (containing various passwords) stolen. I don't know if that's what happened here, it's just an example of how "an account can be potentially compromised". Nowhere does it imply the user was negligent. ☺ · Salvidrim! ·  18:24, 11 June 2015 (UTC)[reply]
    Details are irrelevant. Even if you think otherwise, you have absolutely no way of knowing for sure how the account got compromised. The only thing we know for sure is that it did happen, and the question is - what now? My answer: have Gorman run a reconfirmation rfa. Anything else would be just outright irresponsible. 72.88.208.18 (talk) 18:45, 11 June 2015 (UTC)[reply]
    Actually, I think the main question to ask is has this happened in the past and how was it handled then? Bureaucrats should know whether the proper step is to grant admin powers back, have the admin go through a reconfirmation RfA or some step that hasn't been mentioned here yet. Unless there are extraordinary circumstances (and you say that the details are irrelevant), this case should be handled in a way that similar cases have been resolved. Liz Read! Talk! 19:03, 11 June 2015 (UTC)[reply]
    You think? And what if similar cases in the past were handled the wrong way? It's better to use common sense than to waste time analyzing precedents here. 72.88.208.18 (talk) 19:29, 11 June 2015 (UTC)[reply]
    What exactly would users be judging at a reconfirmation RfA? Surely all they would be evaluating is whether the user will avoid their account being compromised in the future - something no one can judge. Sam Walton (talk) 19:34, 11 June 2015 (UTC)[reply]
    If we go that route then we have no option but to deny Gorman's request for resysopping. Not a bad idea at all, frankly. And no, his ability to keep his account secure isn't what would be judged at his rfa - we already know he can't be trusted to do that. The way I see it, we'd mainly be looking at Gorman's use of admin tools so far to determine whether the benefit of allowing him to continue holding the mop sufficiently offsets the risks associated with his account getting compromised again. 72.88.208.18 (talk) 19:52, 11 June 2015 (UTC)[reply]
    What you're saying is essentially, is that if someone were able to hack the bank servers and managed to get a hold of your back account, and started spending with it, that you can't be trusted to keep your bank account secure, and therefore should not be granted a loan. That doesn't sound very fair, not to mention a complete lack of
    Chat:Limited Access 20:26, 11 June 2015 (UTC)[reply
    ]
    The
    WP:RESYSOP procedure asks the bureaucrat to ensure the account is not compromised at the time of the request for re-instatement and that the user did not resign "for the purpose, or with the effect, of evading scrutiny of their actions that could have led to sanctions"; it doesn't give bureaucrats an active veto to refuse to restore adminship on the belief that the requesting user no longer holds the complete trust of the community. –xenotalk 19:46, 11 June 2015 (UTC)[reply
    ]
    Xeno, as usual, is right. --Dweller (talk) 19:59, 11 June 2015 (UTC)[reply]
    Except
    WP:RESYSOP isn't a policy, it's part of an information page. On the other hand, Wikipedia:Administrators#Security is a policy, and it reads 'Discretion on resysopping temporarily desysopped administrators is left to bureaucrats' and 'In certain circumstances, the revocation of privileges may be permanent' - you can and should deny requests and direct the requester to the rfa page in cases like this one where the decision to resysop is bound to cause controversy if it's made without a reconfirmation rfa. 72.88.208.18 (talk) 20:05, 11 June 2015 (UTC)[reply
    ]
    (
    [majestic titan] 20:09, 11 June 2015 (UTC)[reply
    ]
    A smear campaign you say? Where's the smearing though, other than in your above message? 72.88.208.18 (talk) 20:18, 11 June 2015 (UTC)[reply]
    Interesting. @FT2: regarding this change, was there any particular discussion surrounding it? (I think I may have found it here: Wikipedia:Bureaucrats' noticeboard/Archive 9#Readdition of administrator flag) –xenotalk 20:19, 11 June 2015 (UTC)[reply]
    FT2 replied at Special:Permalink/666604008#Resysopping.
    Wikipedia:Requests for comment/Resysopping practices may provide some guidance here. –xenotalk 20:39, 11 June 2015 (UTC)[reply]

    There is a previous discussion on this topic here: Wikipedia:Bureaucrats' noticeboard/Archive 6#Re-adminning compromised accounts. –xenotalk 19:38, 11 June 2015 (UTC)[reply]

    Where they were resysopped. There is no reason that Kevin shouldn't be resysopped promptly here.
    [majestic titan] 20:09, 11 June 2015 (UTC)[reply
    ]
    My only thought is that Kevin said (above) that he is replying to comments here. Although I think this portion of the discussion doesn't need to be addressed by him. Liz Read! Talk! 22:00, 11 June 2015 (UTC)[reply]
        • (edit conflict) ArbCom are still discussing this - it is a slightly atypical situation which is why it is taking us time, but please bear with us. I am not able to share anything more, but we do have more information than is public. I have no objection to any 'crat hatting discussion of this at their discretion. I will say I am disappointed by the IP's users tone. Thryduulf (talk) 22:04, 11 June 2015 (UTC)[reply]
    Per Liz's suggestion, I'm going to avoid further posts here (I'm assuming everyone can see the troll as a troll- everyone tends to get hit soooner or later,) except to point that GorillaWarfare, who blocked my account as compromised, is the same arb who unblocked my account as no longer compromised ear — Preceding unsigned comment added by Kevin Gorman (talkcontribs) 22:14, 11 June 2015‎ (UTC)[reply]
    The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

    Request for reinstatement of sysop rights (break)

    @GorillaWarfare: didn't see the old fashioned way to alert used. Just in case. --DHeyward (talk) 03:40, 12 June 2015 (UTC)[reply]

    Thanks for double-checking! I am indeed aware, and we are discussing it. GorillaWarfare (talk) 04:25, 12 June 2015 (UTC)[reply]
    There are differing views, but yes the discussion is ongoing. :) -- Euryalus (talk) 02:45, 13 June 2015 (UTC)[reply]
    Could you clarify what there are different views about @Euryalus:? I wasn't desysoped as part of an arb proceeding, but to ensure that a temporarily compromised account could cause no damage. As far as I can see it, the only thing needed to continue here is to ensure I am who I say I am. I believe that I have done that already, but if not would be glad to go buy NF a coffee if he is on campus tomorrow, or voice verify with any current arb/functionary/admin/Wikimedian whom I have previously met.
    I don't think this is (nor do I believe it should be) a referendum on my current popularity among currrent arbitrators, admins, or the community as a whole. I think I have established that I am who I say I am - if I haven't, I'd be glad to go buy NativeForeigner a coffee if he is on campus tomorrow, or voice-verify with any of the hundreds of Wikipedians I've previously spoken to in-depth, including Gorilawarfare, Keilana, Andrew Lih, a great number of WMF staff, and a great number of other admins/arbs/CU's/OS'ers/WMF trustees/people who have written books about Wikipedia.
    Unless concern remains that I am not who I say I am, I believe the only appropriate action for a crat wandering by to take would be to flip the bit. If some portion of arbcom believes that I have committed a desysoppable action by not throughly vetting the equipment on a network before connecting to it, thy have procedures in place to try desysop me themselves, those procedures are separate than the crat actions here and haveso far not been forthcoming. I could see delaying the 'crat switch a bit if they were eminently forthcoming, but it's been days. Though I'll get it done eventually anyway, I had intendedd to spend a good chunk of the next few days rewriting, rearranging, and restructuring content in a few area (woo, hefty amazon giftcards,) and given the way I work it's a bit of an unnecessary pain to rely on a second admin or just waiting for the bit to be reswitched.
    Particularly given that it would have been possible for me to switch passwords on my mobile, and never mention that I had discovered that I had connected to a network that was at the time the target of both software and hardware keyloggers, it seems like disincentivizing good behavior. I'd be happy to voice verify that my account is back under control with any functionary who has heard my voice, which includes quite a few of them. Keep in mind that punishing people who divulge security lapses makes it less likely that future security lapses will be divulged - and this one would've been pretty to hide unless I am in fact delusional (I'd love to read the doc with legal implications about that whole mess of worms that some poor legal WMF intern would get to write about desysopping proccedures in that situation...
    Fundamentally, this is a process for the 'crats. If they're content I say I am, they should flip the switch. If they're not, they shouldn't, but should lay out what identity proof they'd like. If Arbcom wants to try to desysop, I can't stop hem from doing so (though I do think it'd vbe rather wasteful,) but it should be through their own well-established processes - not unnecessarily taildragging the processes of the 'crats. (Noteworthily perhaps, since I reached out to her individually as the first Wikipedian friend I saw on FB with advanced privs, I would be skeptical of any claim that Molly's original actions in blocking/locking/striping my account were taken by her under the color of the committee as a whole.) Kevin Gorman (talk) 08:58, 13 June 2015 (UTC)[reply]
    I don't know what the committee is discussing, but this is the same reason it would be imprudent for a bureaucrat to fulfill this request without waiting. They may have access to information we don't. I do apologize for the delay, hopefully we will hear soon. –xenotalk 13:43, 13 June 2015 (UTC)[reply]
    (Speaking as an editor not an arb clerk) Given that
    formal statement/decision), as Kevin has asked for in his last para, or ask ArbCom to desysop. Callanecc (talkcontribslogs) 14:49, 13 June 2015 (UTC)[reply
    ]
    I don't know on what you're basing your beliefs about the motivations of the Arbitration Committee. I won't speculate on what Salvio giuliano indicated the committee is discussing; however, in certain scenarios that come to mind, restoring the bit without awaiting further comment or direction would be reckless (and this is without any sort of prejudice towards Kevin Gorman or his rights to the administrative toolset).
    The
    WP:RESYSOP
    procedure has built-in delays: immediate re-sysop is not guaranteed, there is an automatic waiting period to ensure sufficient bureaucrats can review and comment on the request. Other bureaucrats are likely witholding comment because we are awaiting further information, and we will require some additional time for bureaucrats to review whatever new information becomes available and comment before the request is finally processed.
    That being said: if there is going to be a further significant delay, the committee might consider issuing a temporary injunction on the matter as appropriate, as clarity is required as to whether the committee is taking up the matter, in contrast to comments by arbitrators GorillaWarfare and Thryduulf in the thread mentioned by Callanecc above which indicate the desysop was a self-request and discussion of his admin tools belongs at WP:BN (Special:Permalink/666705786#Kevin Gorman - compromised account desysop and block). –xenotalk 15:32, 13 June 2015 (UTC)[reply]
    Only on the fact that some arbs have said we're discussing it which has effectively stopped a crat flipping the switch. Given that the desysop was not done by a decision of the Committee's they've effectively desysoped (or stopped a resysop) without the process of level I or II.
    Given that the request was made more than 24 hours ago that requirement of RESYSOP has already been met, so now it's just waiting for a crat.
    Thanks Xeno, that was my main point: if they don't want to resysop to happen at any time they need to post a desysop decision (which short of opening a case with an injunction) is the only to do it. Callanecc (talkcontribslogs) 15:45, 13 June 2015 (UTC)[reply]
    Unfortunately the requirements of RESYSOP are not yet met: the hold period "may be lengthened at a bureaucrat's discretion, if new information arises." In this case, it's been lengthened for an indefinite period of time, and clarity is required because it's not really fair for the request to be held in limbo (especially given Kevin's indication that he's unaware the reason for the delay). –xenotalk 16:07, 13 June 2015 (UTC)[reply]
    Not all self-requested removals are grounds for automatic resysopping - such as resigning under a cloud. (I'm not saying that is necessarily the case here). --Rschen7754 15:52, 13 June 2015 (UTC)[reply]
    • I do wish that whatever the concern is would at least have been directly forwarded to me by now. I have a feeling that whatever question there is I could answer on FB in about thirty seconds, and I suspect that taking longer than anticipated to return rights to someone who followed best practices in locking down a potential opsec issue may have the effect of discouraging fourthcomingness in the future, at least potentially. Kevin Gorman (talk) 02:34, 13 June 2015 (UTC)[reply]
    Just a stalker comment. No idea what arbs are discussing but I've been involved in security related stuff. The issue isn't just insuring the privileged account is no longer compromised, there is also the question of how it was comprimised and questions of diligence to the rules regarding account protection. The easy, extreme case is Snowden. He fled the country and the immediate concern is shutting down his access. The next concern is how he got access and that led to the firing of his cubicle mate (Snowden keylogged his passwords but that should have never worked if the coworker followed policy - yes, the NSA has more restrictions than WP but the illegal keylogging wasn't a defense for the coworker and it was the "two"-party authorization that gave him access). It's never just "everything's okay now." Anyway, just 0.02 that security breaches and impersonations are more than just establishing the account holder. I would hope due diligence is a checkuser and account log to see if there are other accounts that are compromised and then analyzing any relationship. --DHeyward (talk) 09:23, 13 June 2015 (UTC)[reply]
    I absolutely agree, but the Committee didn't remove the tools. So if they want to decide when they are returned they need to officially remove them first. Callanecc (talkcontribslogs) 14:55, 13 June 2015 (UTC)[reply]
    I think it's debateable whether the committee removed the tool the request came from an arbitrator after all. There is private information involved in the case, whatever Kevin may state. I'm certain the committee will get back to us soon, there is no rush as long as the decision is the right one. WormTT(talk) 18:13, 13 June 2015 (UTC)[reply]
    Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Bureaucrats%27_noticeboard&oldid=666827735"