Wikipedia:Arbitration Committee/CheckUser and Oversight/May 2010 election/CheckUser/Amalthea

Amalthea
Hi everyone, I'm offering to help with the CheckUser tool.

About me: I have an account since September 2005, became an active editor in June 2008, an administrator in February 2009. I am a relatively recent active editor, but do not foresee my activity on this project to change in the near future. I've always only worked on the maintenance part of Wikipedia, in recent times mainly on technical things like templates or maintaining Twinkle and Friendly.

I am a computer scientist, am familiar with the MediaWiki Checkuser extension, and have prior work-related experience with web server log analysis and investigation of multiple account abuse therein, so I know I have the required technical and investigative skills. I believe myself to be an upright, serene, and communicative person and editor, am familiar with the WMF's privacy policy and the CheckUser policy, and have a good understanding of when CheckUser should and should not be used. I only have limited experience with pure contributions-based sock analysis or SPI clerking. Nonetheless, I believe I can be useful at the CheckUser part of SPI.

Amalthea 15:27, 7 May 2010 (UTC)

Comments and questions for Amalthea
Noting in advance that I will only have limited Internet access this weekend (read: via analog modem), so I will probably only be able to respond to questions late on UTC Sunday. Amalthea 15:27, 7 May 2010 (UTC)

Questions from Deskana: (five questions, so I'm only looking for brief answers)
 * 1. What are the key differences between the checkuser policy and the privacy policy?
 * A. The WMF privacy policy formulates principles about gathered private data, access to that data, and circumstances that can prompt release of that data to third parties. That gathered private data far exceeds what can be queried through the CheckUser extension, and CheckUser queries are only one aspect of the privacy policy, so its principles are more far-reaching than CheckUser queries. CheckUser policy mainly spells out specifics when queries may be used and may not be used, based on the principles from the privacy policy. In addition it details access to the right and gives some specific guidance and best practices, again building on the privacy policy. Amalthea  01:02, 10 May 2010 (UTC)


 * 2. What conditions does the checkuser policy require to be met in order to use the checkuser tool on an account?
 * A. Most important condition is, I believe, that there needs to be a "good and specific cause" to use it. Checkusers have a range of discretion to use CheckUser queries if there is such a legitimate purpose. Explicitly and most typically, it may be used to prevent damage to the project, i.e. to fight vandalism/bad faith editing, to check for sockpuppet abuse, and to limit disruption of the project. It may not be used to pressure or threaten editors (quite like admin tools in a dispute), and is not normally used to prove innocence on en-wiki (which the privacy policy wouldn't restrict). Amalthea  01:02, 10 May 2010 (UTC)


 * 3. What conditions does the privacy policy require to be met in order to use the checkuser tool on an account?
 * A. Essentially the same thing, in a more general sense. Principles applying would be that the collected data may be used to "serve the well-being of its projects", by countering "certain kinds of abuse and counterproductive behavior", like "suspected use of malicious “sockpuppets” (duplicate accounts), vandalism, harassment of other users, or disruptive behavior", and minimal access (which translates, in part, to the "good and specific cause" from above). Amalthea  01:02, 10 May 2010 (UTC)


 * 4. What conditions does the checkuser policy give on the release of data from the checkuser tool?
 * A. It generally defers to the conditions from the privacy policy (see below), and stresses again that disclosure of IP information should be avoided, if possible. Amalthea  01:02, 10 May 2010 (UTC)


 * 5. What conditions does the privacy policy give on the release of data from the checkuser tool?
 * A. Either of: Compulsory request by authorities, with permission by the user, when necessary for abuse investigations, certain technical issues with bots/spiders, message to ISP complaint department following vandalism/persistent disruption abuse, or in response to certain threats. Brief answers, as asked for, and in parts simply taken from the policy pages. Feel free to ask follow-up questions.  Amalthea  01:02, 10 May 2010 (UTC)

Just one question from HJ Mitchell
 * 6. If you are granted CU access, how do you think that will affect you as an editor and an administrator and do you think that will (or should) affect the way that other editors interact with you?
 * A. Checkusers are comparatively rare since the right is (and should be) given out sparingly, so my focus will certainly shift to SPI. I remember that when I was a very new editor comments from editors with additional user rights seemed to carry more weight. It obviously shouldn't and doesn't, by itself. Was that your question? Amalthea  01:02, 10 May 2010 (UTC) ( 09:13, 10 May 2010 (UTC))

One last minute question by Buggie111
 * 7. When do you think your definition of "the near future" will be?
 * A. Counted in years. Amalthea  01:02, 10 May 2010 (UTC)

Really last minute question from Spitfire
 * 8. Imagine a scenario where a user has created a vandalism page, which was tagged for speedy deletion, and they then then tried to remove the tag, but upon being stopped by a bot, they appeared to log out and remove the tag that way. The page was later deleted but an SPI case was opened on the user, you preform a check which reveals that the user is related to the IP, what action do you take, and why? (or would you not have preformed the check, and if not, why?)
 * A. Unless there are circumstances that suggest a wider pattern, there's no need for a checkuser, in particular considering the behavioral evidence, so I would not have performed one. Potential actions range from talking to the user to an indefinite block, depending on other edits by the user, the type of vandalism, and the user's reaction, but that's independent of the SPI case. Amalthea  01:02, 10 May 2010 (UTC)

Question from User:zzuuzz
 * 9. What actions would you consider taking if you found an editor was using one or more open proxies to edit? Under what circumstances would you reveal this discovery to the community?
 * A. Depends extremely on the circumstances. The IPs of the open proxies will almost always need to be blocked right away (see WP:PROXY), if they aren't already. If the editor used the proxies in violation of WP:SOCK or other policies the violating accounts will be blocked indefinitely, and possibly the master as well. There are circumstances where no action needs to be taken at all, editing through open proxies or Tor is not forbidden per se and we explicitly grant exemptions for that (e.g. for users from Mainland China). If the editor I found was using Wikipedia legitimately and the open proxy was still unblocked, I might contact the editor privately. If the proxy is open and used by only one editor, it might be a misconfiguration and he should be notified privately and urged to quickly rectify it. In all such legitimate uses, the community should not be notified. If an open proxy was used abusively, a note of that on the respective SPI case can be useful for the future. Amalthea  01:02, 10 May 2010 (UTC) ( 09:13, 10 May 2010 (UTC))

Question s from User:7 (ignore the struck question)
 * 10. What is an analog modem?
 * 10. One of the less documented areas of CU work is to help out at WP:ACC when a CU rangeblock has been applied to an IP requesting a new account. This can be done directly in the ACC interface, or by responding to emails sent to the functionaries list or to a Quick SPI request.  Do you have an account with ACC or would you be willing to setup one to help there too?
 * A. I do not have an account with the account creation tool. If I find that such requests are more efficiently processed in the ACC tool then sure, I'll ask for an account. I won't seek involvement beyond that, though. Amalthea  09:13, 10 May 2010 (UTC)

Question from Happy-melon
 * 11. All CheckUsers and Oversighters are members of the functionaries-en mailing list, a forum for discussion and co-ordination of privacy-related issues which affect any and all areas of Wikipedia. What qualities and perspectives would you bring to such discussions?
 * A. Hmm. Probably no perspectives that aren't already there. I believe I am calm, neutral, and objective, don't hold any grudges, and hope that I can be a reasonable voice there. I tend to investigate a lot of background before I write any conclusions. I'd say that my views on privacy are comparatively conservative. Another quality might be that I'm very available throughout the day (UTC+2, currently), and can give input quickly if an issue is pressing. Amalthea  16:30, 12 May 2010 (UTC)