Re: [Wikimedia-l] CheckUser openness
Hi Nathan, For a moment, let's suppose that there is a global policy that all CU checks must be disclosed to the person being checked, with the information disclosed in private email, and only consisting of the date of the check and the user who performed the check. What benefit does this have to the user who was checked? This information doesn't make the user more secure, it doesn't make the user's information more private, and there are no actions that the user is asked to take. Perhaps there is a benefit, but I am having difficulty thinking of what that benefit would be. I can think of how this information would benefit a dishonest user, but not how it would benefit an honest user. If there is a valuable benefit that an honest user receives from this information, what is it? Thanks, Pine ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] CheckUser openness
Nathan, I’d like to respond to all three of your recent comments. > Can you explain how this is so? I did a fair amount of work at SPI as a > clerk, and I'm not sure I understand how the mere fact that a check was > performed is giving sockpuppeters a roadmap for how to avoid detection. If > you mean they could test the CU net by running a bunch of socks on > different strategies to see which get checked and which don't, that seems > like a lot of work that a vanishingly small number of abusers would > attempt... and also basically the same information as they would receive > when those sock accounts are ultimately blocked or not blocked per CU. > > ~Nathan I think you might be amazed that the persistence and sophistication of some individuals. I personally haven’t dealt with them much on-wiki, but I’ve certainly seen them on IRC. > Here are some problems with that rationale: > > 1) If a sock confirmation results from a CU check, the person is blocked, > which is a pretty big tip off all its own. If a case is filed at SPI, then > tons of evidence is submitted, then a CU check is performed in public, then > a block is or is not imposed. That whole process is a pretty big tip off > too, but we haven't shut it down for providing a road map to abusers. > You are correct that the start of the CU case is public at the time of filing at WP:SPI. The identity of the CU is also public when it is run for those filed cases. I believe that we are discussing in this thread are instances of the CU tool being used, or data from the tool being used and shared among functionaries who are permitted access to private data, when that use or sharing is not made publicly known at WP:SPI. I am not a Checkuser but perhaps someone who is a Checkuser can give some examples of situations when this happens. I personally know of at least two scenarios. > 2) You can't dispute the use of CU on your information if you don't know > that it was used. It's kind of like secret wiretapping with a FISA warrant; > if you never know you've been wiretapped, how are you supposed to challenge > it or know whether it was used improperly? As for "various groups can > investigate", to some extent that's true. Most of them are checkusers, > however, and they still tend not to disclose all relevant information. I'm > not saying that any CU is doing anything improper or that it's likely, but > such allegations have been made in the past, and it seems like a pretty cut > and dried case of people having a right to know how their own information > is being used. If Wikimedia were based in Europe, it would most likely be > required by law. > > Nathan When you use Wikipedia, information about what you do is logged. The same is true for other websites. In most cases on the internet in general, it’s impossible for the average user to know if their information has been used or disclosed in a way that is contrary to the site’s privacy policy. Sometimes misuse or preventable, improper disclosure of private data is made publicly known, as has happened with many online services being hacked for credit card or password information. The reality on the internet is that generally the information you provide can’t be guaranteed to remain private and secure. It is true that there can be abuses of investigative tools like CU, search warrants, and almost anything else. The best that can be done is to take reasonable precautions and to be careful about what you disclose in the first place, for the people who are trusted with special investigative tools to be honest and competent, to have sufficient “separation of powers” to help as much as possible to verify that the investigators are honest and competent, and for there to be penalties for investigators who misuse their authority. Regarding the investigative use of private information, as I think others have said also, sometimes there may be a good reason to keep an active investigation from being known to the individual who is being investigated. Like you, I value accountability and transparency, and I would gladly listen to suggestions that enhance accountability and transparency while maintaining reasonable safeguards for active investigations. There needs to be a balance. I prefer transparency, but sometimes there are good reasons for information to remain private. Pine ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] CheckUser openness
I do see where folks are coming from. To the best of my knowledge, for the past few years on English Wikipedia anyone who has asked the Audit Subcommittee if they have been checked has been told the correct response, and I think this is a good thing. On the other hand, what's being proposed here is essentially providing sockpuppeters or otherwise disruptive users (such as those under certain types of sanctions) a how-to guide so they can avoid detection in the future. Risker I'm inclined to agree with Risker here. Telling someone that a CU has been performed on their account, at the time that a CU is performed, might alert a disruptive user that some part of their recent activity has triggered the attention of SPI. This information could be used to the advantage of the disruptive user. If someone believes that CU may have been used improperly, various groups can investigate the use of CU. John, you said in your original email, "See the Rich Farmbrough ArbCom case where I suspect obvious fishing, where the CU'ed user was requesting information and the CU claimed it would be a violation of the privacy policy to release the time/reason/performer of the checkuser." Can you provide a link to the relevant diffs? I would be interested in reading the diffs to get a fuller understanding of what was said, particularly regarding the Wikimedia-wide Privacy Policy. Thanks, Pine ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
[Wikimedia-l] Wikipedia Education Program Metrics and Activities Meeting - Monday, April 23
Hi everyone, I thought that participants on this list might like to know that the April “Wikipedia Education Program Metrics and Activities Meeting” will be Monday, April 23, at 20:00 UTC / 13:00 (1 pm) PST. The meeting should be under one hour long and will happen over Webex. Information is at https://outreach.wikimedia.org/wiki/Wikipedia_Education_Program_Metrics_and_Activities_Meeting including notes from past meetings and information on how to get into the Webex meeting. I’ll be chairing the April meeting. Several WMF staff will be present. Agenda: * Welcome * Country updates: U.S., Canada, Egypt, Brazil, and possibly others * U.S./Canada student survey results from fall 2010 * Working Group information * Q&A For those who haven’t heard about the new Working Group, you can find more info about it at https://en.wikipedia.org/wiki/Wikipedia:Education_Working_Group. A good place for questions about the Working Group appears to be https://en.wikipedia.org/wiki/Wikipedia_talk:Education_Working_Group. Hopefully we’ll also learn useful information at this meeting and have sufficient time for questions during the Q&A. Regards, Pine ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
[Wikimedia-l] Wikidata opinion piece in The Atlantic
Here's an opinion piece, "The Problem with Wikidata", by Mark Graham, who "is a Research Fellow at the Oxford Internet Institute," which appears on The Atlantic's website. I'm not personally supporting or opposing his views but I found this to be an interesting read. http://www.theatlantic.com/technology/archive/2012/04/the-problem-with-wikidata/255564/ ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l