Notification of some checks would always have to be withheld to allow complex investigations to be completed without "tipping off". There is public information that suggests there have been complex abuse cases (real abuse, like harassment, not vandalism). To notify parties suspected of involvement while these long running investigations are underway is broadly analogous to receiving an automated email when your name is searched on the FBI national computer: the innocent want an explanation that wastes police time; the guilty realise they are being investigated and are tipped off to adapt their behaviour. As soon as there is an option to suppress the alert you are back to square 1: CUs may suppress the notification to "hide" what they are doing.
End of the day, the communities elected the CUs knowing they'd be able to secretly check private data - so you have to trust them to do what you ask them to do or elect someone else you do trust. Neil / QuiteUnusual@Wikibooks -----Original Message----- From: Nathan <nawr...@gmail.com> Sender: wikimedia-l-boun...@lists.wikimedia.org Date: Thu, 14 Jun 2012 22:10:33 To: Wikimedia Mailing List<email@example.com> Reply-To: Wikimedia Mailing List <firstname.lastname@example.org> Subject: Re: [Wikimedia-l] CheckUser openness On Thu, Jun 14, 2012 at 8:06 PM, Dominic McDevitt-Parks <mcdev...@gmail.com>wrote: > I think the idea that making the log of checks public will necessarily be > a service to those subject to CheckUser is misguided. One of the best > reasons for keeping the logs private is not security through obscurity but > the prevention of unwarranted stigma and drama. Most checks (which aren't > just scanning a vandal or persistent sockpuppeteer's IP for other accounts) > are performed because there is some amount of uncertainty. Not all checks > are positive, and a negative result doesn't necessarily mean the check was > unwarranted. I think those who have been checked without a public request > deserve not to have suspicion cast on them by public logs if the check did > not produce evidence of guilt. At the same time, because even justified > checks will often upset the subject, the CheckUser deserves to be able to > act on valid suspicions without fear of retaliation. The community doesn't > need the discord that a public log would generate. That's not to say that > there should be no oversight, but that a public log is not the way to do it. > > > Dominic > The threat of stigma can be ameliorated by not making the logs public, which was never suggested. A simple system notification of "The data you provide to the Wikimedia web servers has been checked by a checkuser on this project, see [[wp:checkuser]] for more information" would be enough. En Pine's reply to my queries seems calibrated for someone who is unfamiliar with SPI and checkuser work. I'm not - in fact I worked as a clerk with checkusers at SPI for a long time and am quite familiar with the process and its limitations. I know what's disclosed, approximately how frequently checks are run, the general proportion of checks that are public vs. all checks, etc. I still am not clear on how disclosing the fact of a check helps socks avoid detection, and I still believe that it's worthwhile for a transparent organization like Wikimedia to alert users when their private information (information that is, as Risker has mentioned, potentially personally identifying) has been disclosed to another volunteer. Nathan _______________________________________________ Wikimedia-l mailing list Wikimediaemail@example.com Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l _______________________________________________ Wikimedia-l mailing list Wikimediafirstname.lastname@example.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l