Notification of some checks would always have to be withheld to allow complex 
investigations to be completed without "tipping off". There is public 
information that suggests there have been complex abuse cases (real abuse, like 
harassment, not vandalism). To notify parties suspected of involvement while 
these long running investigations are underway is broadly analogous to 
receiving an automated email when your name is searched on the FBI national 
computer: the innocent want an explanation that wastes police time; the guilty 
realise they are being investigated and are tipped off to adapt their 
behaviour.  As soon as there is an option to suppress the alert you are back to 
square 1: CUs may suppress the notification to "hide" what they are doing. 

End of the day, the communities elected the CUs knowing they'd be able to 
secretly check private data - so you have to trust them to do what you ask them 
to do or elect someone else you do trust. 

Neil / QuiteUnusual@Wikibooks

-----Original Message-----
From: Nathan <>
Date: Thu, 14 Jun 2012 22:10:33 
To: Wikimedia Mailing List<>
Reply-To: Wikimedia Mailing List <>
Subject: Re: [Wikimedia-l] CheckUser openness

On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks

> I think the idea that making the log of checks public will necessarily be
> a service to those subject to CheckUser is misguided. One of the best
> reasons for keeping the logs private is not security through obscurity but
> the prevention of unwarranted stigma and drama. Most checks (which aren't
> just scanning a vandal or persistent sockpuppeteer's IP for other accounts)
> are performed because there is some amount of uncertainty. Not all checks
> are positive, and a negative result doesn't necessarily mean the check was
> unwarranted. I think those who have been checked without a public request
> deserve not to have suspicion cast on them by public logs if the check did
> not produce evidence of guilt. At the same time, because even justified
> checks will often upset the subject, the CheckUser deserves to be able to
> act on valid suspicions without fear of retaliation. The community doesn't
> need the discord that a public log would generate. That's not to say that
> there should be no oversight, but that a public log is not the way to do it.
> Dominic

The threat of stigma can be ameliorated by not making the logs public,
which was never suggested. A simple system notification of "The data you
provide to the Wikimedia web servers has been checked by a checkuser on
this project, see [[wp:checkuser]] for more information" would be enough.

En Pine's reply to my queries seems calibrated for someone who is
unfamiliar with SPI and checkuser work. I'm not - in fact I worked as a
clerk with checkusers at SPI for a long time and am quite familiar with the
process and its limitations. I know what's disclosed, approximately how
frequently checks are run, the general proportion of checks that are public
vs. all checks, etc. I still am not clear on how disclosing the fact of a
check helps socks avoid detection, and I still believe that it's worthwhile
for a transparent organization like Wikimedia to alert users when their
private information (information that is, as Risker has mentioned,
potentially personally identifying) has been disclosed to another

Wikimedia-l mailing list
Wikimedia-l mailing list

Reply via email to