Wikipedia:CheckUser

The CheckUser tool is used by a small group of trusted Wikipedia users (called checkusers). The tool allows its users to determine from Wikipedia's servers the IP addresses used by a Wikipedia user account, as well as other technical data stored by the server about a user account or IP address.

Wikipedia's checkuser team uses the tool to establish whether two or more accounts are being operated by one individual or group of people, and to protect Wikipedia against disruptive or abusive behaviour.

Checkusers are able to view a list of all IP addresses used by a user account to edit the English Wikipedia, a list of all edits made by or from an IP address or range (which includes edits by accounts while on the IP address or range), or a list of all user accounts that have used an IP address or range. They may also view a log of CheckUser actions at Special:CheckUserLog.

CheckUser data is never accessed or released except in accordance with the Wikimedia Foundation's (WMF) privacy policy and the additional restrictions placed by this policy. After completing an investigation with the CheckUser tool, most checkusers release their findings in generalised form (such as with a statement that "account A is, is not, or may be the same as accounts B or C"); on the English Wikipedia, the release of actual private data (like "account D is connecting through IP address 0.1.2.3") is exceptionally rare. Conclusions derived from CheckUser data have limited usefulness, and a negative finding by a checkuser rarely precludes obvious sockpuppetry.

On the English Wikipedia, CheckUser access is entrusted to a restricted number of trusted users who can execute CheckUser inquiries at their own discretion. The permission is granted by Wikipedia's Arbitration Committee, after community consultation and vetting of the editor by the committee's members and the functionary team. While there is no formal requirement that checkusers also be administrators, the Arbitration Committee has traditionally restricted applications to users who are currently administrators. Checkusers must be 18 years of age or older and have signed the Wikimedia Foundation's confidentiality agreement for nonpublic information before being appointed. The use of the CheckUser tool on the English Wikipedia is monitored and controlled by the Arbitration Committee, and checkusers may have their permissions revoked by the Arbitration Committee for misuse or abuse of the tool.

This policy supplements the global checkuser policy and applies only to the English Wikipedia.

Policy
The CheckUser tool may be used only to prevent disruptive editing on the English Wikipedia or to investigate legitimate, credible concerns of bad-faith editing or sockpuppetry.

Grounds for checking
CheckUser data may be used to investigate, prevent, or respond to:
 * 1) Vandalism;
 * 2) Sockpuppetry;
 * 3) Disruption (or potential disruption) of any Wikimedia project; and
 * 4) Legitimate concerns about bad-faith editing.

The tool may never be used to:
 * 1) Exert political or social control;
 * 2) Apply pressure on an editor; or
 * 3) Threaten another editor into compliance in a content dispute.

The primary purpose of CheckUser is the prevention of sockpuppetry, but community policy provides for several legitimate uses of alternative accounts where the alternative accounts are not being used to violate site policy (such as by double voting or by giving the impression there is more support for a position in a discussion or content dispute).

On some Wikimedia projects, an editor's IP addresses may be checked upon their request, typically to prove innocence against a sockpuppet allegation. Such checks are not allowed on the English Wikipedia and such requests will not be granted.

Notifying the account that is checked
Checkusers are permitted, but not required, to inform an editor that their account has been checked. The result of a check may be disclosed to the community (on a community process page like Sockpuppet investigations).

CheckUser and the privacy policy
The CheckUser feature facilitates access to non-public information. The Wikimedia Foundation takes the privacy of its users extremely seriously, and there may at times be tension between protecting Wikipedia from damage and disruption, and protecting the privacy of users (even disruptive ones). Checkusers must perpetually weigh these opposing concerns. In order to reach the optimal result, checkusers on the English Wikipedia are required to adhere to the following conventions and practices:


 * 1) Checkusers are given discretion to check an account, but must always do so for legitimate purposes. Broadly, checks must be made only in order to prevent or reduce potential or actual disruption, or to investigate credible, legitimate concerns of bad faith editing.
 * 2) Checkusers often receive requests from non-checkusers that they check an account (though many checks are also initiated by the checkuser without direction, for instance because the checkuser has noticed a suspicious account). Where a check is initiated as a result of a request from a non-checkuser, that request may be received in public or in private. Requests received privately may be directed by the checkuser to be made publicly if the checkuser so desires, and vice versa.
 * 3) Unsubstantiated requests will be declined and a check will not be run (typically using the slogan "CheckUser is not for fishing"). On their own cognisance, checkusers may nonetheless privately make any check that falls within the bounds of CheckUser policy; this might include a check that they have elsewhere or earlier declined to make.
 * 4) The disclosure of actual CheckUser data (such as IP addresses) is subject to the privacy policy, which requires that identifying information not be disclosed except under the following circumstances:
 * With the permission of the affected user;
 * Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to non-checkusers to allow the making of IP blocks or rangeblocks, or to assist in the formulation of a complaint to relevant Internet Service Providers or network operators; and
 * Where it could reasonably be thought necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.

These conventions arise out of practice that has emerged in the years since the checkuser tool was created, and in some cases out of rulings or "statements of best practice" by the Audit Subcommittee (now disbanded) and the Arbitration Committee.

IP information disclosure
Checkusers may state that different named accounts are operated from the same IP or range, so long as the actual IP address(es) are not specified, or if only non-specific details are given (such as the name of the country, region, or large ISP associated with the IP address). If the checkuser's statement could not lead to another person divining the personal identity of the user accounts in question, such disclosure would be permissible. However, on the English Wikipedia, checkusers are discouraged from making a public statement that connects one or more IP addresses to one or more named accounts, since an IP address is often much more tightly linked to a specific person. (In the case of larger IP ranges, this discouragement is not as great because larger ranges mean a less specific connection can be drawn.) When announcing the results of their checks, checkusers will employ a variety of means to avoid connecting a user to an IP address, but in some cases it is hard to avoid doing so. This policy encourages English Wikipedia checkusers not to allow such connections to be made from their results, but the global privacy policy allows them to do so in the case of serious disruption, and this policy allows checkusers to prioritise compliance with Wikipedia policy over the personal privacy of a user who has abusively edited the encyclopedia.

In some situations, while checkusers can endeavour to avoid explicitly connecting an account to an IP address, they will find it difficult or impossible not to do so. For instance, when a user edits disruptively using multiple IPs, or a mixture of IPs and accounts, the checkuser will find it difficult to block the accounts and then the IP addresses without an obvious inference being drawn by onlookers from the series of blocks being made in a short period of time. When a user abusively uses several accounts and it is reasonably plausible they will create more accounts, the underlying IP range must be blocked so further abusive accounts cannot be made. The IP addresses and user accounts must therefore be blocked together.

Users who engage in problematic conduct to the point that requests for administrative action or blocking are raised and considered valid for CheckUser usage—and where a checkuser then determines the user probably has engaged in such conduct—must expect the protection of the project to be given a higher priority than the protection of those who knowingly breach its policies.

IP information retention
Information about users (like their IP address) is retained for a limited period on Wikimedia Foundation sites. Data retention is limited in this way because incidents or actions that are not current rarely require investigation.

Guidance given to checkusers
CheckUser policy advises that even if the user is committing abuse, personal information should if possible not be revealed. Checkusers are advised as follows:


 * Generally, don't reveal IP addresses when announcing their results. Only give generalized results, such as that one account uses the same network (or a different network) to another account. If detailed information is provided, make sure the person you are giving it to is a trusted person who will not reveal it. Typically, such information should not be given to people who are not functionaries or experienced administrators; it would be best to deal with the abusive accounts with other checkusers.
 * If the user has said they're from a certain region and their IP address confirms that, you are permitted to declare that CheckUser verifies they are.
 * If you're in any doubt, give no detail – and "answer like a Magic 8-Ball"!

On the English Wikipedia, checkusers asked to run a check must have clear evidence that a check is appropriate and necessary. The onus is on an individual checkuser to explain, if challenged, why a check was run. The CheckUser log is regularly examined by arbitrators. All actions associated with the CheckUser tool, especially public or off-wiki actions, are subject to public view and can result in a complaint being filed with the Arbitration Committee, the Wikimedia Foundation Ombuds Commission, or both. Checkusers who run checks based on an unsubstantiated accusation may be cautioned or subject to sanctions, up to and including the revocation of their permissions; for a previous example of this, see this 2009 investigation by the Audit Subcommittee.

Fishing
"Fishing" is to check an account where there is no credible evidence to suspect sockpuppetry. Checks are inappropriate unless there is evidence suggesting abusive sockpuppetry. For example, it is not fishing to check an account where the alleged sockmaster is unknown, but there is reasonable suspicion of sockpuppetry, and a suspected sockpuppet's operator is sometimes unknown until a CheckUser investigation is concluded. Checks with a negative result do not mean the check was initially invalid.

Contacting a checkuser
Checkusers are seasoned, experienced users, who are thoroughly vetted and highly trusted to handle sensitive and private matters, as well as other user issues. Routine sockpuppet and editing issues requiring checkuser review are handled at Sockpuppet investigations. In keeping with WP:NOTBUREAUCRACY, checkusers are authorized to receive contact by other means, like on their user talk pages, by email, on IRC or a mailing list, and so on. If an incident is of a private or sensitive nature, you should never use public means of contact. If an incident is of an urgent nature, you should contact a checkuser you know to be online, or contact multiple active CheckUsers. If an incident is an emergency, you should contact the Wikimedia Foundation. If you require an editor with checkuser access, you may contact:


 * 1) An individual checkuser who will either advise, deal with the matter, or (especially if asked) forward it on to other checkusers for wider discussion. [ A list of recently active checkusers] is available.
 * 2) The English Wikipedia checkuser team, which can be suitable if you need other checkusers to be aware or you do not know any checkusers personally to judge which individual to contact. You may do so by emailing the English Wikipedia checkuser VRT queue at . Not all checkusers are subscribed to this list. If it is sensitive beyond that, then it may instead be sent to the Arbitration Committee mailing list or any arbitrator.
 * 3) The interwiki checkuser team, which co-ordinates between checkusers on all WMF projects (and stewards, for small wikis with no local checkusers) in the checkuser-l mailing list. The inter-project team is ideal for matters concerning prolific vandals or sock users, privacy-related incidents or harassment, and other global matters of interest beyond English Wikipedia. The Wikimedia-wide checkuser mailing list does not receive mail from non-subscribers, so you will need to contact a checkuser by other means (like IRC).

Usage
A user with CheckUser access will get an extra "CheckUser" option under Special:SpecialPages, "check IP addresses" and "recent user checks" options on Special:Contributions, and access to the Special:CheckUser and Special:CheckUserLog special pages, along with other similar functions. On the English Wikipedia, checkusers also receive access to the checkuser-l global mailing list, are subscribed to the functionaries-l mailing list, and receive access to the private IRC channels at their request.

Several scripts exist for English Wikipedia checkusers, including User:Amalthea/culoghelper.js, User:Amalthea/cufilter, MediaWiki:Gadget-markblocked.js, and User:GeneralNotability/spihelper.js, among others.

Guide to checkusers
The Meta checkuser help page gives checkusers the following information:
 * CheckUser is a technical tool, and requires a significant degree of familiarity with IPs, IP ranges, and related principles, to be correctly used.
 * CheckUser is not magic wiki pixie dust. Almost all queries about IPs will be because two editors were behaving the same way or an editor was behaving in a way that suggests disruption. An editing pattern match is the important thing; the IP match is really just extra evidence (or not).
 * Most dialup and many DSL and cable IP addresses are dynamic, meaning they might change every session, every day, every week, every few months, or hardly ever. Unless the access times are immediately before and after each other, be cautious in declaring a match based on IP address alone. Experienced check users will learn to recognise if an ISP changes frequently or occasionally. Proxy IP addresses might not be a match, depending on the size of the organisation running the proxy (per whois output). If it's an ISP proxy, it is not so likely to indicate a match. (Note – some users, particularly those involved in technical matters, can help identify whether an IP is likely to be a proxy, or is likely to be static, fast, or slow changing.)
 * There is both a checkuser mailing list, and a checkuser irc channel , providing means to consult and get advice on checks and their interpretation, especially in the case of more complex vandalism. Both are used by checkusers on all Wikimedia Foundation projects; they are not just for the English Wikipedia. Access to the IRC channel is by invitation only and the checkuser mailing list does not accept correspondence from non-members – users seeking assistance of a local checkuser should see the above. Checkusers also have access to a private wiki where they can share data with other members of the global checkuser team. It can also be used to store historical CheckUser data, typically in cases of long-term or complex sockpuppetry.
 * Checkusers also have access to the channel, as do oversighters.
 * Checkusers who are executing a CheckUser query should remember that anonymity tools can spoof headers, including the useragent, which may make it appear that a good-faith editor with IPBE is actually a sock of a disruptive editor.

Reasons and communication
Checkusers must be able to provide a valid reason to another checkuser (or the Arbitration Committee) for all checks they conduct.

Checkusers should clearly mark as a "checkuser block" any block based on findings that involve checkuser data. The templates checkuserblock, checkuserblock-wide and checkuserblock-account may be used for this purpose. However, in the case of such blocks, checkusers are not required to explain to non-checkusers the specific evidence at play (and are prohibited from doing so by the privacy policy).

CheckUser blocks
Checkusers can block accounts based on technical (checkuser) evidence. They will make clear in the block log summary that they have blocked as a "checkuser action", usually by including the checkuserblock, checkuserblock-account, or similar templates. These blocks must not be reversed by non-checkusers. Administrators must not undo nor loosen any block that is specifically called a "checkuser block" without first consulting a checkuser or the Arbitration Committee. However, all checkuser blocks are subject to direct review and significant scrutiny by the other checkusers and the Arbitration Committee. Users whose block log summary indicates a checkuser action may appeal the block, and are expected to do so on-wiki using the unblock template.

Log of checks


CheckUser queries cannot be executed on the English Wikipedia without the initiator entering something into the "Reason for check" field, which is akin to the edit summary feature for page-editing. All queries are logged at Special:CheckUserLog, which is visible to other checkusers through Special:CheckUser. Each entry in the log will show who ran the check, when, the check reason, and what type of data was called (the tool can be used to get IPs, edits from an IP, or users for an IP). The log does not display, nor allow for the retention of, data returned from a check.

Assignment and revocation
Checkuser permissions are assigned by the Arbitration Committee. While many users with checkuser permissions are or were members of the Arbitration Committee, the Arbitration Committee also appoints a number of editors as checkusers, typically around once a year. Users interested in obtaining access should add the ArbCom noticeboard to their watchlists for an announcement or should contact the Committee. Appointments that are confirmed by the Arbitration Committee will be posted on Requests for permissions on Meta-Wiki; a steward will assign the permission once the user has completed and signed the necessary non-public information confidentiality document.

Checkuser permissions can be revoked for not meeting the minimum activity level or for cause. If the Committee feels that an editor has abused CheckUser, such as by inappropriately performing checks or needlessly disclosing privacy related information from a CheckUser inquiry, they will request a Steward to remove the permission from the editor. This may be done by any of the usual ways, including e-mail or a request on requests for permission on Meta. Emergency requests based upon clear evidence may also be made in exceptional circumstances, the same way. In an exceptional case, and for good cause, a steward may temporarily remove the permission, pending a decision by the Committee. The steward should check that the matter is well-founded, and make clear immediately that it is a temporary response only, since such an action could lead to controversy.

Complaints and misuse
The Wikimedia Foundation policy on revocation of CheckUser access states in part that:

Complaints involving the release of personally identifying information or other potential violations of the WMF's Privacy Policy should be made to the Ombuds commission.

Other complaints or inquiries about potential misuse of the checkuser tool should be referred to the Arbitration Committee.

Users with checkuser permissions
There are currently users with the CheckUser permission on the English Wikipedia. A complete listing is available at Special:Listusers/checkuser.