Wikipedia talk:Requests for checkuser/Archive 3

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

If Check User finds that Y is a sockpuppet of X, should both X and Y be blocked or only X or only Y. What is the policy  Doctor Bruno  02:08, 3 November 2006 (UTC)

Generally the sockpuppet account will be permanently blocked. The main account may just get a warning, a short block, or a long block, depending on the circumstances (how disruptive the accounts were, if this is the first sockpuppet or latest of many. It's a discretionary thing, there is no firm rule.

Thatcher131

02:18, 3 November 2006 (UTC)

Without definite rules, won't there be a case of bias setting in  Doctor Bruno  07:15, 3 November 2006 (UTC)

I have one doubt. This may sound trivial, but in India, it is very common for more than one person use the same computer. How to differentiate that situation and a Sock Puppet. For example, if my wife browses Wikipedia and votes in few Rfa or AFD from this computer, how can I prove that it was another person who used my computer and not me. Another case is browsing centres - Many persons may be using the same computer (with same IP). How to prove that they are both different people.  Doctor Bruno  16:05, 31 October 2006 (UTC)

And coming to the next question. What if Mr.X uses one account in a computer at his home and another account in a computer at his office. How to prove that (with different IP).  Doctor Bruno  16:05, 31 October 2006 (UTC)

I hope you don't mind, but I merged the two threads you started. Also because the answers to your questions are connected: in many cases, it is about common sense. People start suspecting that different accounts or IPs may be under the control of the same individual due to a similar pattern of behavior. That's a critical factor in flagging a sockpuppet.
If an IP is from a place where computers are shared (e.g.: universities, AOL, lan houses, etc.), we usually tag the IP's talk page to let the community, and perhaps more critically, Admins responding to abusive behavior, know that the IP is shared, so that it will be dealt with taking this into account. Geographical location can also play a role in this: if people are editing from work, home and school, they're still going to be in the same area, and this, combined with other factors, can give us a positive identification. Redux 19:41, 31 October 2006 (UTC)

I am sorry. I am not able to understand. May be I worded my questions wrongly. My questions was "how to prove that it is not a sock puppet" when two persons edit from the same computer and "how to prove that it is a sock puppet" when one persons edits with one username in his office and another username in his home  Doctor Bruno  20:22, 31 October 2006 (UTC)

That's where the common sense I mentioned comes into play, as well as that critical aspect of a similar behavior pattern. Supposing two different people edit Wikipedia from the same computer, say at a University's library: if they're doing completely different things, or just plain not doing anything wrong, most likely there will be no claims of illegal sockpuppetry, thus nothing to investigate. If someone were to say something, an experienced user (not just checkusers) would be able to determine that, although the edits could be coming from the same place, it is not the same person behind the IP.
In the other case you mentioned, again, two accounts would first be suspected of being socks of each other due to a similar behavior pattern, plus the fact that they would be behaving inappropriately. The fact that they could be editing from different IPs (home, office, school, etc) will not hide their geographical location (country, city), so a combination of factors will still lead to a positive identification. Has this been clearer? Redux 14:40, 1 November 2006 (UTC)

Now, when two users are editing from the same computer, the IP will be same. Will they be accused of Sock Puppetry, when they edit the same articles. For example, me (a doctor) and my dad (an engineer) may edit different articles and our areas of interest will also vary. I will be more concerned with the latest film and sport personalities, while he will see the past generation. But when my wife edits from this computer, she being a doctor and of my age group may concentrate on the same issues. How to prove that it is in fact two persons and not sock puppets, when the IP evidence is against the persons  Doctor Bruno  15:22, 1 November 2006 (UTC)

In that scenario it might be an idea to preempt any ideas by either openly linking the two accounts via the userpages (User x is married to User y) or privatly (by email) leave the details in question with a checkuser of trust. Agathoclea 16:18, 1 November 2006 (UTC)

It would also be a good idea, if the two sharing one computer are editing on the same articles, not to support each other in votes and reverts, as these actions are the things that really open up the sock puppet issues. This might seem unfair to those honest users in this predicament but unfortunately Wikipedia has to rely on IPs. Str1977 ^{(smile back)} 22:13, 1 November 2006 (UTC)

I know of at least 3 pairs of Wikipedians who live together, and there are probably a lot more. What you need to know first off is that checkuser is only run when there is strong evidence of disruptive behavior of some kind. So two people who are generally civil and well-behaved will never get checked. Likewise, two people who have different interests will likely never raise suspicions. If two users have similar strong interests and want to edit the same articles, it would be best to disclose the relationship on both user or user talk pages, and to make sure that only one of the account participates in any votes or consensus-gaining discussions. If it happens that two accounts are disruptive, and appear to be acting together, and are coming from the same IP, they will probably get treated as sockpuppets even if another relationship is declared, simply because we have no way of knowing. If you read the sockpuppet policy, two accounts that edit alike may be treated as sockpuppets even without technical evidence. Your best option is to declare the relationship up front and then behave yourselves.

Thatcher131

23:20, 1 November 2006 (UTC)

So when two people are editing from the same computer, they have to vote only once in a AFD or RFA if they are voting for the same reason. On the other hand, can both vote, if one votes Support and the other Oppose. Please don't get angry with me regarding these questions. I am just trying to get some points regarding forming a comprehensive policy in future. As of now, few genuine users gets affected and few intelligent crooks (is this term an oxymoron !!) escape. Both these are not good for Wikipedia. I understand that the present policy is 90% correct. Why can't we make that 100%  Doctor Bruno  02:04, 3 November 2006 (UTC)

AFD is not a vote. Two people making the same arguement carry no more weight than one persom. So socks don't matter. However, RFA is a vote and therefore, socks are banned. Being 100% sure would be nice, if we had a way to do it. We don't, so it comes down to a judgement call. It's not perfect, but it's the best we have. Regards, Ben Aveling

10:27, 3 November 2006 (UTC)

OK.. But what is wrong in moving from 90% (for example) to 95 %  Doctor Bruno  07:16, 3 November 2006 (UTC)

How do you suggest we do that? Regards, Ben Aveling 10:27, 3 November 2006 (UTC)

By making more clear and strict policies and leaving very less to "discretion". Discretion invariably leads to bias and broken hearts and wounded minds  Doctor Bruno  09:01, 10 November 2006 (UTC)

Clearer rules lead to more loopholes. [ælfəks] 12:39, 10 November 2006 (UTC)

This was actually suggested to me by a banned user, but I think it might be a good idea anyway. The idea is to delete checkuser archive pages if there is no activity for 6 months. I think the idea has merit. Checkuser cases that have been inactive for more than 6 months are likely to be editors who have left altogether, editors who have cleaned up their act, or sockpuppeters who are too clever to get caught.

• For editors who have left, per
  WP:DENY
  , we are reducing the amount of recordkeeping we do on banned troublemakers.
• For current editors who have behaved themselves, how long should we keep the record of his former misdeeds?
• In the case of clever sockpuppeters, the server logs don't retain IP information for that long, so a 6 month old list of names is not helpful to the technical task of running a new check, if one becomes necessary. (Some cases contain IP numbers, but an argument can be made that those should not be retained for privacy reasons.)

So the proposal is that checkuser cases that have been inactive for at least 6 months should be deleted, except for editors under ongoing arbitration sanction, and editors who have been community-banned where the checkuser case provides backup for the ban.

(Also, and this is a much more minor consideration, the archive page is pretty long and the clerks had discussed splitting the archives by year; 2006, 2007 etc. If the cases sunset off the page, we can keep the archives on one page.) Thoughts?

• I don't see a problem with this. Checkusers are always free to keep confidential records in any case. Mackensen (talk) 20:49, 15 November 2006 (UTC)

  Delete over oversight in this case, delete is still reviewable and will serve DENY whereas oversight might be like using a blowtorch in place of a match. -- Tawker 21:23, 15 November 2006 (UTC)

No, I wouldn't oversight at all, for the exact reason that deleted cases can be recovered if it's really important.

Thatcher131

21:31, 15 November 2006 (UTC)

T · C

 ] 21:43, 15 November 2006 (UTC)

Perhaps this is just my belief that WP:DENY does less to deter vandals than it does to deter checkusers (I've always thought it should be called WP:MAKETHEJOBOFCHECKUSERSHARDER), but I think this is a bad idea. Many times the only records we have of what IP some notorious troublemaker was using are the RFCU archives; there's a case still on the page where the reason for denial is "We have no record of the user's IP." Sure, we can always undelete the page, but that assumes we'll remember it exists; it's not like we can just go to a list and say "Oh, yes, that was the name of the page!" I doubt the importance will be realized, though, until someone comes and says "By the way, do you think this is -Ril-/Cheesedreams?" and we say "Sorry, we deleted those records, please wait 1 year and 300 lost editors and we'll make a decision. Have a nice day, and do try to enjoy the trolling in the meantime." Essjay (Talk) 01:33, 16 November 2006 (UTC)

Ouch.

Thatcher131

01:34, 16 November 2006 (UTC)

I didn't intend the comment to be scathing, just sobering. To be clear, I don't think anyone wants to deliberately make the job of removing trolls and vandals from Wikipedia harder, but I do think the ultimate effects of some well-intentioned proposals are to do just that. (Hence "the road to Hell is paved with good intentions.") Having run into the situation more times than I care to recall where we were unable to confirm a sockpuppeteer because of lack of records, I specifically set up the archiving scheme (any of the clerks remember about six months ago when we did that?) to maintain all records so we wouldn't have the problem in the future. I can think of one occasion in particular where the job of tracking an Internodeuser sockpuppet was made extremely difficult by poor recordkeeping, and had it not been for the tagged userpages (the main focus of deletion in the first round of WP:DENY purges) I would have never made the confirmation. That sort of thing happens all the time, and will only happen more as the site grows more popular. So, let me first apologize if I was harsh in my comments, but I ceratinly think there are some very large and very real consequences to deleting all the records we've worked so hard to preserve. To quote David Gerard, the proto-checkuser, "I've often wished I'd kept better records." Essjay (Talk) 02:31, 16 November 2006 (UTC)

Well, I would basically consider this a dead issue if either you or Mackensen objected, so

Thatcher131

02:54, 16 November 2006 (UTC)

Please don't consider it dead because I objected; I'd much prefer it was because I made sense in what I said, rather than that I was completely off-base but said the magic word. Consensus should be key here. Essjay (Talk) 03:48, 16 November 2006 (UTC)

Certain opinions should carry more weight, like the people who do the bulk of the checks, former arbitrators, bureaucrats, and ABCO users. Or in other words, the guys who own the sandbox :) . While I think there is some merit to the idea, I am happy to yield to superior wisdom, longer experience, and greater common sense, and humbly admit my mistake for the month.

Thatcher131

04:52, 16 November 2006 (UTC)

Dear Dr: Brunoji, Ur doubt is very relevant. In India, it is very common for more than one person use the same computer. I and my husband are using same computer.In addition to that I'm working as a journalist in a notable Malayalam newspaper company. Hundreds of journalists are using the same IP address of the company's computer. My co-journalists are interested in wiki editing. Recently the it was imputed that we are sock puppet. Actually I was totally innocent. But how can I prove my innocence...?  Nileena joseph ^{(Talk|Contribs)} 19:42, 11 November 2006 (UTC)

In one sense, you can't and it does not matter. There is no rule against using more than one account except in certain circumstances. (Voting, if one account is blocked, 3RR, probably some other cases.) So for most purposes, it doesn't matter to Wikipedia if you and your wife and hundreds of other journalists are using the same IP address or not. So long as all of your co-users are well behaved wikipedians, this is a non-issue for you. Regards, Ben Aveling 02:40, 18 November 2006 (UTC)

Hiya, I don't do a lot of RFCU checks, so need some help. I'm currently sorting through sockpuppetry checks at Wikipedia_talk:Naming conventions (television). I'm certain that some of the accounts are sockpuppets (only created a few weeks ago, very uncivil behavior, spend practically no Wikipedia time in other editing areas, etc.), but I'm not sure who exactly they're sockpuppets of, since there are many different voices in the discussion. Examples are: Yaksha (talk · contribs), Izzy Dot (talk · contribs), Youngster of Germany (talk · contribs). I can make a pretty educated guess that one or more of them are sockpuppets of Ned Scott (talk · contribs) who has a few similar behavior patterns to Izzy Dot, and another possible is admin Wknight94 (talk · contribs), who has admitted to using other accounts, but hasn't said who. I'll freely admit that I'm not entirely certain who's pulling the strings, so, how should I proceed with this? Should I just list all of the names together for the RFCU? I'm worried that if it's multiple people using multiple sockpuppets, it's just going to get all muddled. --Elonka 19:52, 16 November 2006 (UTC)

I haven't said who because you didn't ask. You can find the one other account I have here. It is used (well, it will be used eventually) to whittle away at the list of Unwatched Pages which, similar to the Uncategorized Pages, only shows the first 1,000. You'll likely never see an edit from it unless I forget to logout. If you do, you'll notice the user ID doesn't hide it very well. You'll also notice the user ID's user page has a tag on it saying it's an alternate account. If you decide to proceed with an WP:RFCU against me, let me know and I'll be happy to hunt down any IP addresses I've used - there are probably 3 or 4 different regions and networks. —Wknight94 (talk) 21:49, 16 November 2006 (UTC)

And what is your opinion on the other obvious sockpuppets? Who do you think is pulling the strings? --Elonka 19:20, 17 November 2006 (UTC)

No idea. I've seen no evidence. I'd agree with your assertion on at least two of them but I've no evidence at all who could be the leader. You have some I assume? —Wknight94 (talk) 19:36, 17 November 2006 (UTC)

Similar language patterns between Ned Scott and Izzy Dot (like using the term "stupid votes", and other types of similar profanity). Youngster of Germany is also clearly a sockuppet account that was created to nominate the

Hunter x Hunter articles), I'm not sure who the sockpuppeteer, if any, might be. I also have concerns about Ace Class Shadow (talk · contribs), which again has similar language patterns to Ned Scott (like a history of civility warnings), but it might just be a case of similar personality types. --Elonka

21:26, 17 November 2006 (UTC)

Seems a bit flimsy but I'm not an RFCU expert. I'm still waiting for any evidence which warrants my name being used here. Surely you wouldn't mention me by name here as a possible sock-whatever without something to back it up, right? That would be a lack of good faith to the point of being a personal attack, no doubt. —Wknight94 (talk) 02:23, 18 November 2006 (UTC)

The two main reasons that your name came up were (1) that you had clearly placed the "alt account" userbox on your main page, but without indicating who your alt account was; and (2) that you and Ned Scott clearly seemed to be working together, such as the day when the two of you were showing up at multiple pages in my watchlist (diffs at User_talk:Elonka#Stalking). I'd say that that in particular made for a reasonable suspicion on my part. Also, multiple attempts by me to try and contact you off-wiki, were rebuffed (though the offer still stands). For what it's worth, I'd like to work with you, not against you. I sincerely believe that we do have points of agreement, but that there have been some profound miscommunications which have led to mistrust from both sides. But I'm optimistic that if we could figure out how to talk, we could work through it. However, the on-wiki "public" communication process, I think hinders this. Which is why I'd like to have a real-time private chat with you via AIM or Google Talk or even in IRC, to see if we could reach a meeting of the minds. --Elonka 02:51, 18 November 2006 (UTC)

You might want to read

WP:SOCK more closely. Your (1) above is basically saying that my advertising of an alternate account is evidence that I am deceptively using an alternate account. I don't follow that, esp. when the creation of the one account is plain as day in my user creation log... Next, if me being curious about the various pages connected to you makes me a stalker, then I guess User:Danny from the Foundation is a stalker since he tried to have the article about you deleted and User:Jimbo Wales is a stalker for making this edit to the article about your mother. (If I admitted to living across the Tampa Bay from the Foundation - which I do - you could combine the two allegations above and say that I am a sockpuppet of a fellow stalker at the Foundation.) If this is all your method of initiating private conversations, you may want to hone your diplomacy skills a little. —Wknight94 (talk

) 03:34, 18 November 2006 (UTC)

You have to be kidding me, right? Go ahead, make a request. I'll even support your request to do a checkuser on me. -- Ned Scott 04:39, 18 November 2006 (UTC)

• Oh, and here's my current IP address 69.252.129.142. Comcast doesn't change it often, maybe once every four or five months. I'll see if I can find any other IPs in my records. -- Ned Scott 04:51, 18 November 2006 (UTC)
• There's also User:NedBot. -- Ned Scott 04:59, 18 November 2006 (UTC)

The misunderstanding that checkuser-people can't initiate requests unless they are first listed here has become a perennial one. While there may be arguments for changing the way we do things, the policy is and has been that checkusers may make checks at their discretion as long as they follow the privacy policy and refrain from making checks without reason. Many checks are performed in the course of arbcom proceedings, as a result of informal requests, or in the course of dealing with problems reported to the foundation via

Makes sense to me. --Elonka 04:15, 21 November 2006 (UTC)

Good that we got that on file, and from a checkuser to boot. /me saves diff for future reference.

T · C

 ] 04:26, 21 November 2006 (UTC)

It has always been that way, this is a page to request a checkuser be preformed, it is not a listing of all checkuser cases. Prodego ^talk 04:27, 21 November 2006 (UTC)

Indeed, although many a troll have tried to wikilawyer their way out of blocks using this reasoning. Now admins have a diff to shove down their throat when they add that fantastic "decline=" parameter :)

T · C

 ] 04:29, 21 November 2006 (UTC)

Would like to point out, however, that it is useful while not required to have the results of such a check logged here, as it provides records which can be used by later checkusers if the issue comes up again. Essjay (Talk) 03:48, 23 November 2006 (UTC)

I know that we generally don't just run checkuser to see who posted certain comments, but came across this death threat and thought I would bring up the issue. Should checkuser be used to identify and block vandals that perform specific eggregious acts. For example:

• posting user's name address phone number and children names (in the edit summary as well)
• death threats
• threatening lawsuits against Wikipedia

My view is that we should in some cases - i.e. we shouldn't have to identify potential socks if there are multiple instances of any of the above. I know a "I'm going to kill you" said in haste (or as an excited utterance) is probably not a true threat. But wikistalking followed by a threat to kill - we should treat as a potential threat and deal with the user more harshly. --Trödel 20:37, 21 November 2006 (UTC)

List it in the IP check section and let the checkusers decide. At the very least the IP (or associated user account if there is one) could be communicated privately to the Foundation for further action, or it may be an open proxy.

Thatcher131

20:40, 21 November 2006 (UTC)

Ok thx - the sock was already indef banned. I'm not sure I think it is worth it so I will ponder :) --Trödel 21:44, 21 November 2006 (UTC)

One would think if the one making the threat were serious, s/he would have picked a better username than "Dongless". —Wknight94 (talk) 22:36, 21 November 2006 (UTC)

That elicitated a good chuckle - I hadn't noticed that or said the name out loug --Trödel 22:56, 21 November 2006 (UTC)

Death threats are legally considered assault (not to be confused with battery), which could be a felony in some jurisdictions. List them in the IP check section and ask for the results to be forwarded to the appropriate law enforcement agency. Failure to do this could be considered misprision of felony. Jesse Viviano 20:21, 22 November 2006 (UTC)

Before this creates a frenzy of mass-requests related to the above, please get a ruling on this from Foundation Counsel Brad Patrick, who can be found at User:BradPatrick. Essjay (Talk) 03:51, 23 November 2006 (UTC)

Serious threats to cause physical harm to another editor should result in a checkuser being run, among other things. In many instances, it may be better not to handle such requests on-Wiki. Note that flippant and stupid remarks are not the same thing as real threats, although it can be a fine and sensitive line and one should err on the side of caution. The concern about misprision of felony (a crime that the article correctly reports has been abolished in most jurisdictions) I believe is fanciful. Newyorkbrad 03:58, 23 November 2006 (UTC) Note: I'm definitely not Brad Patrick, the name "Brad" is just a coincidence.

I am not sure that all jurisdictions have abolished misprision of felony. Alan Ralsky, the most infamous spammer on the Interent ever, was convicted of misprision of felony in 1999. See this link to one of Ralsky's ROKSO files for evidence. Jesse Viviano 17:06, 23 November 2006 (UTC)

I still think misprision is pretty remote as an issue here ... but I was not aware of the incident you cite, so thanks. Newyorkbrad 01:28, 24 November 2006 (UTC)

I will communicate with Brad Patrick as Essjay directly states the concern I have (and the reason I brought it up on the talk page first): unless we establish clear guidance, reporting every I'm going to kill/hurt you type idle threat could overwelm the checkuser volunteers. --Trödel 18:36, 23 November 2006 (UTC)

This is the first time this theory has been brought to my attention. A couple of quibbles - first, Ralsky pled guilty to the charge against him, he was not "convicted" in the sense of being found guilty by a jury, as the link you provided shows. Second, it was not in 1999, as you said here, he was initially charged in 1994. The internet world has changed a lot; at the time, there were very few statutes relating to internet crime that could have been applied to Ralsky, so consider it creative research on the part of the prosecution to have come up with this as a charge (and making it stick).

Ironically, you are suggesting that WMF assume responsibility for precisely what has been repudiated by the chorus of CDA Section 230 cases, most recently Barrett v. Rosenthal, in stark terms, which I don't believe is either required or prudent. WMF deals with all such situations brought to our attention on a case by case basis. As our privacy policy indicates, we/I willingly provide information to law enforcement when the situation calls for it. "Death threats" is not susceptible to such blythe characterization, in my view. I believe each situation calls for its own scrutiny, and for purposes of this discussion, in my experience, admins who encounter such things are always on safe footing bringing such things to the attention of the WMF office, since we are likely to be the point of contact for law enforcement.

The other part of the equation, which seems to be overlooked or at least not discussed above, is the willingness of the victim to go the distance in moving forward with a criminal complaint itself. Myriad circumstances may or may not compel a person to want to make such a complaint public, invite investigation of his/her internet activity, and the like. I would not presume to act in the face of a borderline complaint without the clear mandate and insistence of the victim, and, I am at pains to say, such a situation is decidedly not the role of WMF, or me in my role of General Counsel. The project answer is, the threatening individual is not contributing to an encyclopedia, we are a civil community, and this user is thus nuked. That should not be controversial to anyone. Here, checkuser rights entail responsibilities, which in my view, include acting reasonably in the community to investigate such claims, not for the purpose of investigating crime, as you suggest, but to confirm the (somewhat) obvious evidence that this user is in need of a permanent vacation away from our projects. That is the customer service we intend to provide.

Finally, I would like to state - unequivocally - that the essence of the projects is not to try to replicate the pain and suffering which demonstrates itself every day in the real world. We oppose wikilawyering, legal threats, etc. in the projects because it undermines the spirit and strength of purpose which trust and respect foster. Someone who is using our space to convey hurtful, hateful (up to and including criminal) speech needs to find another website to mess around with. There is no room for such people here, and they won't be tolerated. That is a common sense project view, not a legal one, and one which most of the admins and checkusers I know and work with would agree with in a heartbeat. Our primary goal is to move projects forward, not serve as an extension of the sovereign.

My two cents. ;-) --Brad Patrick 23:36, 24 November 2006 (UTC)

Well said. HighInBC ^{(Need help? Ask me)} 23:43, 24 November 2006 (UTC)

It appears that you should be allowing him to change his name in order to remove his personal details from the site. Also, revert warring is not the answer - that is not really becoming of a sysop.-Localzuk^(talk) 00:05, 29 November 2006 (UTC)

Thanks. --

Zacheus

00:09, 29 November 2006 (UTC)

Not only is it permitted for him to change references to his name, it is better for the checkusers. In the (hopefully unlikely) event that a future check is run, it makes more sense to list the case under the renamed account, rather than an old name with zero edits. It would have been better for Zacheus to ask a clerk to do it through the link on the front page, but that's a minor thing.

Thatcher131

03:29, 29 November 2006 (UTC)

Thank you for your statement. I wished not to bother others with this boring work, that's why I did by myself. If I knew it would be controversial, I would ask somebody else. --

I don't know if this is me, but this looks wrong:

On

I confirm this for Wikipedia:Requests_for_checkuser/Case/Iasson; I suspect the section number for the link needs to be changed. Septentrionalis 23:52, 3 December 2006 (UTC)

Essjay redesigned the page layout so that pending requests are listed on a separate page

Thatcher131

00:22, 4 December 2006 (UTC)

I suggest that the user requesting that the "check user" function should be used, should be required to inform the involved parties about the request being made. Not long ago, Mr. Cool Cat made the rather silly request that the check user function should be used in order to determine whether or not I am using the "Igiveup" account on Commons (I have never denied or made any secret of this, and I have mentioned it on my Wikipedia userpage: [1] and on the talkpage of my Commons account: [2]).

I find it strange that I was never notified about this, and that I would first discover it now as a result of a pure coincidence. I believe it is wrong and strange that such issues are apparently being resolved behind people's back, and that their private information is being examined without any attempts to notify them about this. -- Karl Meier 01:42, 5 December 2006 (UTC)

If there is consensus to do so, and it can be done in a manner that prevents RFCU from being turned into the battleground that is ANI, then that's fine. However, if it is going to cause every checkuser request to become a 300KB argument about the merits of the check, it isn't going to happen. Checkuser requests are pretty straight forward: Either there is cause to run one, or there isn't. If there is, then it will be run, regardless of the amount of debate, if there is not, then it will not be run, regardless of the amount of discussion. Essjay (Talk) 02:24, 6 December 2006 (UTC)

Per Essjay, defense and argument before the check is run is largely irrelevant, and I believe the number of cases where notification would make a difference (for example, a request filed under false pretenses) is rather small, as the clerks and natural skepticism of the checkusers derail most of them. Defense after the check is run (it was my brother, someone else at my school, etc) does not belong here anyway.

Thatcher131

02:49, 6 December 2006 (UTC)

I agree completely with Essjay. By all means, fill up the talk page with argumentation if you like, but it'll be in vain. Mackensen (talk) 12:14, 6 December 2006 (UTC)

Suppose we have sockpuppet A. We are fairly sure that it is editor B, who is not actually blocked. Sockpuppet A is disrupting things, so is blocked. But puppeteer B is still able to continue activities. We request checkuser under what code? Guy (Help!) 20:13, 10 December 2006 (UTC)

Well, any could. Is the puppeteer evading some kind of ban (for example, an article ban)? Are they using the sockuppet to disrupt AFD? Etc. Etc. ad nauseam. The best thing to do is make the case for why you think the two are sockpuppets, then read the list of codes to see which one fits best. I don't know about others, but I put far more weight on the merit of the request, rathter than which code has been selected. If there is good cause to believe a blocked user (even if it's the "sockpuppet") is evading a block, then we will take a look. Essjay (Talk) 01:45, 11 December 2006 (UTC)

Sorry for the IP but I'm at a public terminal in a mall while my wife shops. After due consideration I have removed the Lotuslander check as a fishing expedition. If the Lotuslander account contiunued to act disruptively on

Indeed. A reminder to all clerks: Please do not make decisions on checks, that is for a checkuser to do. We need to be very careful about blurring the lines between the assitance tasks the clerks perform and the judgment calls the checkusers make. Essjay (Talk) 04:23, 30 December 2006 (UTC)

I rolled back that users edit (just before you left this message), I am not sure that is Thatcher. Prodego ^talk 04:24, 30 December 2006 (UTC)

It was, but I will leave it to others from here in.

Thatcher131

04:31, 30 December 2006 (UTC)

Dave702 sounds a lot like Warren Kinsella who is based in Toronto. He writes a column for the National Post, a cross town rival, and has a political consulting biz in Toronto's Yorkville district. He's also been feuding with Mark Bourrie and would be going after Rachel as a way of getting under his skin. He also dissed Rachel recently on his blog. 64.230.75.43 08:16, 29 December 2006 (UTC)

This is a fishing expedition and should be dismissed. Marsden has lived and worked in Toronto for several years and has made friends and enemies at both of the Toronto newspapers she's worked at as well as at the Star and Globe (and probably tv and radio). Proving that someone who's edited the Marsden article is from Toronto doesn't prove that person is Warren Kinsella - it could be anyone from a disgruntled co-worker to a professional rival to an unimpressed reader or an ex-boyfriend. 74.12.83.146 19:31, 29 December 2006 (UTC)

I'm hoping this isn't too strange of a question. I'm trying to determine if User:2Cold06 is another sock of the indef-blocked user User:Mykungfu, who always logs in via AOL, making checkuser almost worthless. (I do know that 2Cold06 is an AOL user, as he's only edited one article and made one edit to that article without logging in.) McGrandWizard. is an obvious sock of Mykungfu's, and it turns out that when 2Cold06 logged off tonight (last edit), McGrandWizard magically appeared minutes later (last edit), and I'm wondering if they might have used the same address. I'll file the format request if I'm told it's possible, but I figured I'd ask first if this was in fact feasible. Thanks. | Mr. Darcy talk 02:59, 7 January 2007 (UTC)

There is no way to check login tokens (which would not be too helful anyway). See this[3]; with AOL's XFF header sending cooperation such things may be tracked in the future, and changes to blocking behavoir may allow blocking the client's IP of an AOL user. For now, you will have to compare edits more so than rely too much on data, other than "two AOL users".

Voice-of-All

03:59, 7 January 2007 (UTC)

OK, thanks for the reply. I am 95% certain that they're the same user, but I thought if I could get a CU it would take the uncertainty out. | Mr. Darcy talk 04:32, 7 January 2007 (UTC)

I put a checkuser request into the text box on this page, and it created it here. Do I have to do anything else? Was I supposed to stick it under the "Outstanding requests" header of this page? Thanks, Sprocket 19:25, 14 January 2007 (UTC)

Don't worry, a bot will do that part of the listing for you. the wub "?!" 19:33, 14 January 2007 (UTC)

Hi there. I'm currently dealing with a repeat vandal who has created a multitude of accounts that are being used for spamming. See Wikipedia:Suspected sock puppets/Irub Man for more information. Is this a case that this process can assist with? If not, where should I look? Thanks for your assistance. --Brad Beattie (talk) 21:39, 20 January 2007 (UTC)

Subject to correction, I believe this qualifies under code letter A and possibly others as well. In your checkuser submission you should include evidence that the spamming has been disruptive. If this is the person who's been adding videos containing hundreds of thousands of bytes to places like the help desk it definitely is. Brad Cabal Regards and advance congratulations. Newyorkbrad 21:52, 20 January 2007 (UTC)

At the top of the Requests for checkuser page appears the phrase

Checkuser is a last resort for difficult cases. Use other methods first.

It would be very helpful if a person knowledgeable about these "other methods" could wikilink the phrase Use other methods first so that it takes the uninformed person to a page that describes those other methods. Thanks! —SaxTeacher (talk) 17:35, 25 January 2007 (UTC)

Hi, I'm aware of an IP, currently blocked for a week for repeated 3RR violations. I'm pretty sure I know of a registered account that is the same person. The registered account is still editing, though not in a distruptive way. (POV, but short of disruptive.) It's not an arbcom or community ban, just an admin ban. It has been discussed on ANI. Is a check user appropriate in this case? Regards, Ben Aveling 22:58, 27 January 2007 (UTC)

That would probably constitute fishing.

Neutrality Project

) 23:05, 27 January 2007 (UTC)

I have clear and compelling reasons to believe the two accounts are one and the same which I can email you, except that you don't have email enabled.  :-). I'm not fishing. I'm asking if the act of evading a admin ban alone is worth a checkuser. I could be wrong, but I don't think a discussion on ANI constitutes a community ban? Shall I post the evidence here with identifing information struck? Cheers, Ben Aveling 23:30, 27 January 2007 (UTC)

• If they are not being disruptive, we do not have a compelling reason to check. ✎
  Neutrality Project
  ) 23:32, 27 January 2007 (UTC)
  • Also: if they're blocked for 3RR, and the possible sockpuppet isn't continuing the 3RR behavior, then 3RR has done its job -- stopping the edit war in question. 3RR isn't punitive, it's result-oriented. --jpgordon^∇∆∇∆ 23:41, 27 January 2007 (UTC)
    • Agree and agree. The registered account isn't being disruptive. And when I look further, I can find reasons to believe that what I have seen is a coincidence arising from both having a similar world view. Thanks, Ben Aveling 23:52, 27 January 2007 (UTC)

A few minutes ago, I brought up the use of terms "inconclusive" and "unrelated" on checkuser Jpgordon's talk page; he suggested I take the issue here, so I have. The question centers around whether checkusers should declare the results of IP checks as "unrelated" or "inconclusive" in the presence of no technical evidence to suggest sockpuppetry. I brought up the point that the check-requester and/or the enemies of the checked editors (oftentimes the same person) could use the result "inconclusive" as a way of creating the impression of an aura of guilt around checked editors; meanwhile, the result "unrelated" would make it much harder to reasonable hold such a cloud over the heads of the editors who might have otherwise been declared as "unrelated." What are other people's views over the use of the two when their is no IP evidence to suggest a relation between those who were being checked? Picaroon 00:26, 26 January 2007 (UTC)

• It depends on the evidence. If the check is such that there isn't enough evidence either way, then it should likely be "inconclusive". If there is sufficient evidence, and the evidence does not show a degree of confidence where "Confirmed", "Likely" or "Possible" would be applied, then it should probably default to "Unrelated" and notes be made if neccesary. Cheers, ✎
  Neutrality Project
  ) 00:30, 26 January 2007 (UTC)

In general, I would say that the decision of how to report a finding should be up to the individual checkuser, based on how familiar they are with the tool and how confident they are with the findings. There may be times when "Unrelated" is more appropriate than "Inconclusive." For example, one editor on a stable residential IP in the US and another on a stable residential IP in England, where there is no evidence to even suggest proxy use or dynamic IP addresses. However, it should always be understood that "checkuser is not magic wiki pixie dust" (David Gerard, I think). Technical confirmation of sockpuppetry is the icing on the case and should not override determination made by human judgement (similarity of contributions, etc.) There are ways of tricking checkuser, and wikilawyering by suspected sockpuppets over an "unlikely" or "unrelated" finding does not trump the plain evidence of his contribution history, attitude and idiosyncracies.

Thatcher131

00:51, 26 January 2007 (UTC)

Yes, that was DG's famous quote :) Other than that, I endorse Thatcher's statement fully and eagerly await Mackensen/Essjay/Dmcdevit's input, if they feel it is needed.

Daniel.Bryant

01:06, 26 January 2007 (UTC)

• My point is simply that saying "unrelated" is an interpretation. Checkuser can prove the presence of sockpuppetry. It cannot prove its absence. Perhaps, though, we might want a different label, to satisfy my programmer soul? I'm really reluctant to give an outright "unrelated". I am willing to say the underlying IPs do not show any relationship. I am willing to say "Not proven". Maybe someone can come up with a better idea? --jpgordon^∇∆∇∆ 06:11, 27 January 2007 (UTC)

Okay, I see where you're coming from. How about:

CheckUser determines that IP's are unrelated; assume no sockpuppetry unless proven by contributions.

This is the closest wording I can get to emphasize that one is not to view them as guilty in any way, but still doesn't flat-out claim they are unrelated, which you've explained to be nearly impossible to guarantee. How does it sound? Picaroon 22:23, 27 January 2007 (UTC)

I'd really not say anything about "guilt" or "innocence" in any way. I'm not here to evaluate guilt or innocence. I'm here to determine presence or absence of certain patterns of IP usage. --jpgordon^∇∆∇∆ 23:07, 27 January 2007 (UTC)

• It is, of course, up to the presiding checkuser's judgement. Explaining things in trikcy situations is helpful, but remember what we can say is limited by the
  Neutrality Project
  ) 22:47, 27 January 2007 (UTC)

Inconclusive means "I can't say one way or another." It occurs where the ISP in question is one that makes results difficult (like AOL), where there is ambiguity in the finding, and otherwise where there are results that demonstrate neither a relation or a lack of relation between the users in question. Historically, it was also used in situations where a determination could not be made, for example, where there were no records for a given user because of age since last edit; that practice has been discontinued in favor of rejecting such requests. Unrelated is a strong, definite statement, introduced (by me, I beleive) to say "These two users are not related in any way." It is intended to be the opposite of "Confirmed" to say definitively that the two users are absolutely not related by technical evidence. Where one user is on an Australian residential IP and the other is editing from California, the result is not inconclusive, it is unrelated, and should be designated as such. Unless my memory is failing me, it was intended as a gentle clubatting of those who find it necessary to whinge about the specificity of results; it has been quite common for users to say "No, you must be wrong." when the IP evidence is quite obvious. Essjay (Talk) 11:38, 31 January 2007 (UTC)

Before I write an unsuccessful checkuserrequest can someone check if Code F would apply to Wikipedia:Suspected_sock_puppets/Captaindansplashback - see User_talk:NawlinWiki#User:Captaindansplashback for my request for clarification from the blocker. Agathoclea 09:37, 5 February 2007 (UTC)

Yes, the request would be legitimate. Essjay (Talk) 11:05, 5 February 2007 (UTC)

Did a bit more digging - and put a request up, I hope the extra names don't throw the balance. There has just been too much attacking at Brokkies's talkpage lately with all the same pattern. Agathoclea 00:48, 7 February 2007 (UTC)

Two questions:

1. If the
   Uninsureddriver
   21:47, 12 February 2007 (UTC)
2. Do all conclusive requests end in a block?
   Uninsureddriver
   21:48, 12 February 2007 (UTC)

While assigning Checkuser privileges is an ArbCom function, it's handled administratively rather than on-wiki. Virtually all of the people with Checkuser access are either bureaucrats and/or current or former arbitrators. As for your second question, how to handle the response is up to administrators, rather than part of the checkuser policy, but if a situation is serious enough to warrant a checkuser run, there will often be grounds for blocking at least one of the accounts involved. Newyorkbrad 21:53, 12 February 2007 (UTC)

There are 14 checkusers currently on the English language wikipedia. All of them are bureaucrat level or higher, and all but two are current or former members of the arbitration committee. It is extremely unlikely that requests for access would be granted to anyone of less than bureaucrat status. The checkusers have different attitudes toward blocking; some will block and some will leave it up to the users who made the complaints to deal with. Often it is not a simple matter—claims of shared IPs or roommates and such—and that sort of evaluation is often left to the general population of admins to decide how to deal with.

Thatcher131

22:15, 12 February 2007 (UTC)

My request seemed to fall under the heading "other disruption of articles", which indicated that I should ask at

So far, I have made four requests for checkuser regarding the "vandal with a grudge" engaging in racist vandalism of Wikipedia articles and harassment of Czech editors. Two were at their subpages [4] [5], two other at the IP check section [6] [7]. I'd like to ask how to deal with the vandal in the future (which of the two mechanisms to use), and what other actions, if any, should be taken. It has been suggested several times to coordinate the check with other Wikimedia projects (the user seems to be also active on Czech Wikipedia and has made at least one appearance at German Wikipedia and at the Commons) - did anything like that happen? And could a complaint to his Internet provider be made? - Mike Rosoft 13:47, 14 February 2007 (UTC)

Does a WP policy exist for dealing with situations where user pages exist solely to be idiotic? I reverted a change on

Not a checkuser issue. Post to the

Thatcher131

15:47, 15 February 2007 (UTC)

I have deleted all the user pages and posted several warnings, let's see what happens. - Mike Rosoft 19:00, 16 February 2007 (UTC)

... Why the sudden change of SVG icons? As far as I can tell, only the colors are different. ... What happened to the IP/open proxy check for Account creation benefits (

I've noticed that sometimes cases are submitted both to Checkuser and to SSP; e.g. Wikipedia:Requests for checkuser/Case/Verdict and Wikipedia:Suspected sock puppets/Verdict (2nd). Sometimes there are perfectly understandable reasons for this (one being the ginormous backlog at SSP), but it often seems to be unnecessary duplication of effort. Many times I've closed an SSP case because all the accounts had been blocked after a checkuser request. Is there a way of discouraging users from creating cases in both pages, perhaps by adding some text to the header or something? --Akhilleus (talk) 19:19, 23 February 2007 (UTC)

The two are complimentary. For obvious reasons, SSP can only analyze the suspects' behavior. By deliberate choice, RFCU only analyzes the technical IP evidence. RFCU can sometimes refute a denial at SSP; on the other hand, RFCU will not decide what to do when two accounts with the same IP claim to be different people editing from the same large company.

Thatcher131

20:26, 27 February 2007 (UTC)

Contributors here may wish to see/comment on

This statement should be removed, there is a consensus at WP:CN against this being a requirement (remaining debate is between those who say it is the case and should be abolished, and those who assert it is not currently the case.) --Random832 19:47, 27 February 2007 (UTC)

• I wasn't aware the community noticeboard had jurisdiction here, and I see no reason to alter a well-tuned and functioning machine. Furthermore, it says "should," not "may," an important semantic distinction. Mackensen (talk) 19:57, 27 February 2007 (UTC)
  • I retyped it from memory, but I don't really see the distinction. Can you explain what exactly the position is on non-clerks doing those actions? And, as for the community noticeboard... were you under the impression the operation of this page was not subject to community consensus? A permission flag does not confer
    OWNership. --Random832
    20:33, 27 February 2007 (UTC)
• The reason behind this as I understand it is that they do not want people expressing opinions on cases other than the CheckUsers. This is for good reason - the people that are given the CheckUser flag by the WikiMedia Foundation are those trusted and charged with the duty of making judgements on these cases and taking appropriate action. The clerks here just make sure that requests are formatted properly, contain information supporting an investigation request, and on occasion respond to requests from the CheckUsers. We're here to make life easy for them, not to replace them. If you or someone else understands the role and wants to jump in, then that is fine so long as you accord your actions appropriately, however, the notice is there as a safeguard against those that would damage the page or try to play checkuser when they are not a checkuser. Cheers, ✎ Peter M Dodge (Talk to Me) 20:43, 27 February 2007 (UTC)
  • I thought that the reason they're given the checkuser flag is that they are trusted with access to personal data - access which is not required to determine that a case is {{fishing}}. --Random832 21:04, 27 February 2007 (UTC)
  • P.S. " If you or someone else understands the role and wants to jump in, then that is fine" - um, no it's not - you have to be specifically made a clerk by a checkuser to do these things. Or, anyway, that's what the page says. If this is in fact not presently the case, the page should be changed to reflect that. --Random832 21:05, 27 February 2007 (UTC)
    • And how do you know if it's fishing if you have no experience with checkuser? You don't. What seems obvious fishing to you has more than once had a checkuser going "not another sock of so-and-so" I'm sure. (Cplot is up to what? 200 socks and counting?) ✎ Peter M Dodge (Talk to Me) 21:06, 27 February 2007 (UTC)
      • Obvious fishing would be, for example, a request naming only one IP or username, which does not even go so far as to allege that it is the sockpuppet of anyone else in particular, but is instead a simple "get me a list of (accounts this IP has logged in as / other accounts that have been logged in from IPs this account has logged in from)". Can you name a circumstance in which such a request would possibly not be fishing? --Random832 21:14, 27 February 2007 (UTC)
        • I've had OTRS inspired requests that looked like that. Mackensen (talk) 21:19, 27 February 2007 (UTC)
          • If such requests are to be permitted (I'm not even saying they shouldn't be), then, the conclusion to be drawn is that checkuser IS for fishing, not that those requests are not fishing. --Random832 21:28, 27 February 2007 (UTC)
            • No, the conclusion to be drawn is that checkuser is not for fishing, but that you don't know what fishing is. Mackensen (talk) 21:34, 27 February 2007 (UTC)
              • So how about you explain how that's not fishing? If such requests are useful, it hardly makes sense to discourage people from making them by not clarifying this. --Random832 21:43, 27 February 2007 (UTC)
                • Because it isn't fishing, but the things that we would discourage are fishing. There's a reason that the decision concerning what is and what is not fishing is left to the judgement of the checkuser. Mackensen (talk) 21:49, 27 February 2007 (UTC)
                  • Do you have any interest at all in actually explaining the difference to me, or should I just stop asking? --Random832 21:56, 27 February 2007 (UTC)
• (undent) Only checkusers should judge the merits of a case - after all, this isn't a forum for someone to ask anyone to checkuser the people - not everyone can - it is a forum to ask for a checkuser to checkuser the users. There is, of course, a difference between saying "This isn't going to be run because its fishing" and "I don't think the checkuser should run this, it looks like fishing" - the first seems to assert some sort of authourity on the matter you don't have, whereas the second acknowledges the authority of the presiding checkusers. Generally clerks try to avoid either, but the first is simply unacceptable whereas the second lies more in a grey area. ✎ Peter M Dodge (Talk to Me) 22:37, 27 February 2007 (UTC)

And another thing - You say "If you or someone else understands the role and wants to jump in, then that is fine", but the very existence of the title of clerk implies that there is to be no "jumping in" without prior approval. How do you reconcile these two views? --Random832 21:17, 27 February 2007 (UTC)

• It's easy. Any editor can help in these pages - it's what I did for quite some time before Essjay appointed me as a clerk. Editors who consistently help out and are deemed to be trustworthy are added to clerks, and are given less oversight than those that aren't as they have been deemed trustworthy. The only other difference is that clerks may be trusted with private information because they are deemed trustworthy, whereas normal editors would not. ✎ Peter M Dodge (Talk to Me) 22:05, 27 February 2007 (UTC)

Plain and simple "no". I'm sorry, but only clerks should perform these actions. When a case is marked as "fishing" or otherwise closed/archived by a clerk, these cases are then, in most cases, never reviewed by a check user. If we have incompetent people marking cases as "fishing" that clearly are not, the process will break, plain and simple. This is why the clerk was ordered, to save the checkusers more work by giving them the authority to close cases and make decisions without every case having to go through a checkuser. Do away with that power or give that power to everyone, and this page will return to the horendously backlogged state it was a few months ago.

• Clerks shouldn't even be labelling cases! Only checkusers should. The only label that clerks should be using is {{
  clerknote}}. Plan and simple. ✎ Peter M Dodge (Talk to Me
  ) 22:05, 27 February 2007 (UTC)

Uggg, I apologize -- my head is really not screwed on today. Please disregard my above comments.

AmiDaniel (talk

) 06:15, 28 February 2007 (UTC)

Since the long discussion about clerks that happened earlier this week I've been wondering about something, do clerks have access to private information? I ask because Peter Dodge wrote this: [8]: " CheckUser clerks are trusted members of the community chosen by the checkusers because they trust these users with sensitive private information that sometimes is necessary to discuss in a checkuser investigation." It seems to have come from a project page somewhere, but none of the ones I've looked at have that wording. And at least one page (the checkuser clerk page) says that they do not have that kind of access. I also noticed that the clerks IRC channel became invite only, so I was wondering if that happened because private info was being passed there? (if not then I'm not sure why it would need to be invite only). In any case, do they have access to private info, and if so is it passed in part on the clerks IRC channel? Thanks!

No. That would be a huge Foundation issue. (I think Peter is sometimes over-enthusiatic in defending the position.) There is really nothing checkuser clerks do that other editors can't if they can figure out the system. Mainly I think, it's easier for the checkusers to feel comforatble working with a smaller group of steady volunteers rather than dozens of part-timers. I'm trying to clarify and harmonize the various clerk pages. Regarding the IRC channel, Mackensen or Daniel.Bryant would have to answer that one.

Thatcher131

20:26, 2 March 2007 (UTC)

Sometimes during the course of a CU investigation the CheckUsers will share privileged information with clerks. I myself am not usually one of these peoples, but administrators the CheckUsers have IP block these people obviously need to know the IPs, which are indeed private bits of information. ✎ Peter M Dodge (Talk to Me) 20:29, 2 March 2007 (UTC)

Hmm. Are you sure about that? Now, as a matter of reality, if someone asks for an IP block on a vandal who has been making attack user names (such as this), and the checkuser answers, "IP blocked," then is it is trivially easy for anyone to look in the checkuser's block log and find the IP. This is not really personal information as it is not tied to a user's identity. And sometimes users give away their own location and IP by editing while logged out to avoid 3RR limits and so forth, such as

Thatcher131

20:47, 2 March 2007 (UTC)

From the topic in the CheckUser clerk channel: Checkuser Clerk Private Coordination Channel | Congrats to James F, the newest Checkuser! | Please don't invite non-clerks or non-checkusers, as limited personal information may be discussed. ✎ Peter M Dodge (Talk to Me) 20:55, 2 March 2007 (UTC)

What kind of personal information is shared specifically?

RxS

21:06, 2 March 2007 (UTC)

I've never said anything there that I'd be unwilling to say on-wiki. Thatcher correctly characterizes the appropriate limits. Mackensen (talk) 21:15, 2 March 2007 (UTC)

I agree those are the appropriate limits, but I seem to be getting mixed messages. What personal information does the IRC topic refer to specifically?

RxS

23:16, 2 March 2007 (UTC)

Basically nothing.

Daniel Bryant

00:00, 3 March 2007 (UTC)

I'd take it as an appropriate caution--checkusers are about, and they might talk about things not meant for general consumption. To be honest, I never gave it much thought. Mackensen (talk) 03:09, 3 March 2007 (UTC)

Regarding in the invite-only, that was Essjay's decision, so I'm not going to assume anything on his behalf. Other than that, really, there's nothing terribly interesting; I appreciate your concern, however rest assured that it'd be more than we're all worth to start breaching foundation guidelines regarding private info. I believe you may have misunderstood the intention of Peter's comment, which has led to this. Cheers,

Daniel Bryant

03:49, 3 March 2007 (UTC)

Fair enough, then shouldn't the topic say something like "Please do not discuss any personal information in channel that is not meant for general consumption?" etc? I think a pretty bright line should be drawn around access to personal/private information. If clerks are around, checkusers shouldn't be talking about anything not meant for general consumption right?

RxS

18:40, 3 March 2007 (UTC)

In light of recent events, its fair to say that that will get a fresh look at some point.

Thatcher131

23:51, 3 March 2007 (UTC)

I see that the possibility of discussion of some personal (on the clerks IRC channel) been added to the clerk project page (ratified?) [9]So I guess the question comes back to what kind of information not meant for general consumption is being shared outside the Checkuser group? I don't mean to be going on about it, but as I know everyone understands it involves some pretty important foundation policy. Thanks,

RxS

03:08, 5 March 2007 (UTC)

For one, the habits and trademarks of banned users. Mackensen (talk) 03:14, 5 March 2007 (UTC)

That wouldn't really fall under a description of "limited personal information" though would it? Or a small, closed IRC channel I suppose?

RxS

03:22, 5 March 2007 (UTC)

The only info clerks might get is

WP:BEANS info about why a check couldn't be run, that anyone with enough time could find, since it is nearly always the same reason. (after all the Special:Checkuser code is open). It is not as if checkusers are saying User:Essjay's IP is... to clerks. I agree with Thatcher. Prodego ^talk

03:23, 5 March 2007 (UTC)

Good enough, there seems to be some mixed messages, but Checkusers should be able to limit what info is shared there, thanks.

RxS

03:27, 5 March 2007 (UTC)

I think EssJay explained it once probably along the same lines as above but essentially the checkuser process is an open secret meaning that it's not hidden but it's not advertised. Part of the "security through obscurity." The secrecy isn't because personal information is being shared, but rather the process and limitations are not being advertised. --Tbeatty 03:32, 5 March 2007 (UTC)

Ten wikipedians will have 12 different opinions on something. To give a somewhat related example, I have been active in blocking the socks of a particular banned user. Periodically, another admin, who has been in an editing conflict with this person, will email his suspected new socks to me. He doesn't want to post a public request because that would mean revealing the person's "tells" which (if he stopped doing them) would make him harder to spot. That's also why the channel is invite-only. Wouldn't want to be discussing Lightbringer's tells while Lightbringer was lurking in the room. Tbeatty also has a point. We don't want to say, "that user can't be checked because he is doing X," because then all the smart sockpuppeteers will start doing X too.

Thatcher131

03:36, 5 March 2007 (UTC)

That's understandable, and I wasn't really too concerned about that. I was wondering more along the lines of server logs and data derived from page logs...which I'm under the impression are used in checkuser audits. That's the "bright line" I was talking about...but it sounds like that's something that would never be shared in this manner.

RxS

03:43, 5 March 2007 (UTC)

If it was, I would quit.

Thatcher131

03:51, 5 March 2007 (UTC)

I probably got hung up on the term personal information (IRC topic), when someone says that I hear server logs.

RxS

04:02, 5 March 2007 (UTC)

I have e-mailed a letter of complaint to administrators of networks used by the vandal with a grudge. (For the text of the complaint, together with the contact e-mails, look here.) Today I received a response from Czech On Line a.s., requesting IP addresses used by the vandal, with exact date and time of edits. Of course, I don't have this information available; could you please send follow-up e-mails to them, to allow them to continue the investigation? (According to the privacy policy, "where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers".) - Mike Rosoft 19:13, 5 March 2007 (UTC)

Looking over the checkuser requests I believe are associated with this, it looks like Dmcdevit did most of the checking -- you might want to get in touch with him off-wiki, if possible. – Luna Santin (talk) 21:41, 5 March 2007 (UTC)

AFAIK, Dmcdevit, Mackensen, and Jpgordon all ran checks against this vandal. I suggest that you contact them off-wiki since this issue seems a little too sensitive to be discussed on-wiki.

TML

06:25, 7 March 2007 (UTC)

Hello, I'm

The sending IP is: 12.119.119.186 (talk⁺ · tag · contribs · filter log · WHOIS · RBLs · proxy check · block user · block log · cross-wiki contribs · CheckUser (log))

The harassment clearly references Wikipedia. Is it possible to cross reference from the IP address 12.119.119.186 to Wikipedia user activity on or about 1 March 2007 03:13 UTC. If it is not possible or an outcome is achieved please notify either:

• Dfrg.msc (talk · contribs)
• talk · contribs
  )

And we will take the necessary steps. Regards, Dfrg.msc 05:40, 8 March 2007 (UTC)

Hi Dfrg - I doubt that this will be possible for two reasons. One: it infringes on Wikimedia Foundation Privacy policy, whether abusie or not, and whether related to Wikipedia or not. Two: The abuse was, in any case, made off Wikipedia, so it isn't really for Wikipedia Dispute Resolution to swing into action unless the user in question is identifiable by recent on-Wiki conflicts. Your best course of action is to continue with the abuse report, and perhaps contact the abusive user asking him to identify himself - checkusers probably won't be allowed to do this.

inp23

19:47, 8 March 2007 (UTC)

I suggest contacting Mackensen, Jpgordon or UninvitedCompany directly for this unusual request.

Thatcher131

19:52, 8 March 2007 (UTC)

Yes, you could contact a checkuser directly as Thatcher suggested, but barring a clear ID (which may not be technically feasible),

That's probably worth checking out and should be technically feasible. You may want to email a checkuser directly, or post on WP:RFCU. MastCell 21:33, 8 March 2007 (UTC)

There is a vandal who creates accounts and then gets two or three warnings on them and moves onto another account before being blocked, so she has never been blocked. I am fairly sure that it is the same person (at least for some of the accounts), but the sock-puppet process seems too complex to me. What can I do? JRSpriggs 09:04, 20 March 2007 (UTC)

I have her IP address (or at least one of them) namely, 74.103.19.52 (talk · contribs · deleted contribs · filter log · WHOIS · RDNS · RBLs · http · block user · block log). What I need is a list of all user-ids associated with that address and whether there are any other IP addresses used by those users. Then I could ask to have her IP address and all users who use it blocked, assuming that I am correct and their aggregate number of acts of vandalism is way over the threshold. JRSpriggs 07:08, 22 March 2007 (UTC)

Sounds like a job for

WP:RFCU/IP. – Luna Santin (talk

) 22:08, 7 April 2007 (UTC)

Why do we require, Do not specify more than one summary letter? So far, the only disadvantage I've seen when more than one summary letter is entered is that some or another clerk complains about there being more than one summary letter. It doesn't make my job any harder to have more than one. --jpgordon^∇∆∇∆ 20:42, 21 March 2007 (UTC)

I agree. I've been ignoring it recently, as it only adds to the loads of instruction creep that makes up RFCU. PTO 20:48, 21 March 2007 (UTC)

I removed that, it seems useless. Prodego ^talk 20:57, 21 March 2007 (UTC)

But it was re-added by

Here is the reason. Prodego ^talk

21:09, 21 March 2007 (UTC)

Wouldn't it make more sense to store checkuser data on long-term blocked users? After all logs expire after a month. -- Cat ^chi? 20:51, 24 March 2007 (UTC)

I think there may be privacy implications, although I suspect it's done unofficially anyway.--

Domitius

21:05, 24 March 2007 (UTC)

I do not believe privacy is an issue. The ips and other info will not be published to public. All info will still be for arbitrators' "eyes only" -- Cat ^chi? 09:58, 26 March 2007 (UTC)

Cool Cat, do you have a specific incident in mind? Many of the checkusers do keep records, but they may not always have the foresight to keep the right records in the right case.

Thatcher131

14:57, 26 March 2007 (UTC)

Yes and no. I had difficulties on a very old case that resurfaced a wile back ago. Checkuser data wasn't available so a second arbitration case had to be started for the (new) individual. But that specific thing isn't important right now.

My concern is future and current disputes. Personal logs of any checkuser can disappear for simple reasons such as virus infections and stuff. A centralized location where all en.wiki checkusers can access (such as a private mailing list or some hidden archive) is what I have in mind. I think it would be beneficial to have such a thing.

-- Cat ^chi? 16:30, 26 March 2007 (UTC)

There is a CheckUser mailing list already, I believe. This comment should probably be moved to Wikipedia talk:Requests for checkuser, though, since it doesn't deal explicitly with arbitration and we have some non-Arbitrators that serve as CheckUsers. Thanks! Flcelloguy (A note?) 16:48, 26 March 2007 (UTC)

I'll copy paste there now. -- Cat ^chi? 16:53, 26 March 2007 (UTC)