Wikipedia talk:Identity verification

This essay is a mess
This essay is a mess but I have to start somewhere. I looked at other essays and do not see anything quite like this.

I tried to collect what exists and put it here for anyone to consider.  Blue Rasberry  (talk)  18:26, 9 February 2019 (UTC)\


 * Seriously, ? This is a personal essay, not a "Wikipedia" essay. How about you create this in your personal userspace before sticking it with a tag that implies this page has some kind of authority? It disturbs me no end that longtime participants of this project push newbies to build their work outside of the "main" space and then do things like this.  Build it, get consensus for it, then bring it into Wikipedia space. If you need help moving it to your userspace let me know.Risker (talk) 19:54, 9 February 2019 (UTC)
 * You said that my actions disturbed you. When interaction becomes negative and emotional my default response is to offer communication by voice or video. I do not immediately understand what you want but of course I would talk it through in the way you choose. I just sent you an email with my phone number and appointment calendar. If you want to voice talk then we can voice talk; otherwise we can continue here but I anticipate more misunderstanding and a longer exchange in wiki text.  Blue Rasberry   (talk)  20:07, 9 February 2019 (UTC)
 * You're trying to start a discussion, from what I can see on this page. An essay is not the way to do this. A discussion at one of the village pumps, perhaps. A discussion at an existing policy or process page that directly relates to this, maybe. It's probably not going to be appreciated at all at Commons that there might be a discussion on enwiki about their existing policy; and the logical place to talk about OTRS policy is on the OTRS wiki, or with OTRS admins and teams. It's a re-creation of an already deleted essay (i.e., one that was formally rejected by the community at an MFD). You've indicated in your first post in this section that this page is "a mess", which leads me to think you realize yourself it is not really ready for discussion with the community. So...why not work on it in your userspace until it's no longer a mess? If anything, it looks like your objective is to develop kind of process that will be accepted by a range of projects, and this isn't the place to have that discussion; Meta, maybe.  Risker (talk) 20:27, 9 February 2019 (UTC)
 * Okay, I emailed you and we had a little exchange. I interpret the exchange as meaning you are not so upset about this to want off-wiki communication to resolve this more quickly. I am going to respond to your points below in other sections because any of them could be long conversations. Here are the issues I see you raising, repeated in my own words:
 * Venue of this discussion: English Wikipedia, Commons, Meta-Wiki, or elsewhere
 * Sorting of this in Wikipedia: space versus userspace, and sorting it as an essay
 * Required clarify and development before publishing something like this
 * Merging this into the existing documentation which already covers the issue
 * Some other social context for anyone joining this conversation: Risker and I have known each other for years and are collegiate, and we are both aware that the other gets involved in wiki policy. I expected that someone like Risker would speak out because the introduction of this kind of documentation is disruptive, and routine Wiki patrol seeks to challenge anything disruptive with a case for its need.  Blue Rasberry   (talk)  23:45, 9 February 2019 (UTC)
 * I just discovered the template Draft proposal and re-tagged this page as that rather than essay.  Blue Rasberry   (talk)  15:22, 5 April 2019 (UTC)

Wikimedia account verification for public figures
Since 2007 account names which match the names of public figures have been getting this template. I do not know how to count how many times this has been used, but I will guess at least 10,000 times. Here is the process which that template recommends:
 * Uw-ublock-famous
 * 1) User writes email to WP:OTRS
 * 2) In private email conversation, OTRS agents use an identity verification process to confirm that the public figure is actually the operator of the Wikimedia account
 * 3) Following that private email conversation, the OTRS agent either authenticates the account with a badge or leaves it blocked if authentication fails

The problem with this is that OTRS agents have neither a consistent identity verification process nor a badge system to report an authentication.

In practice, some OTRS agents verify identity by matching the email address of the sender to an official website, or by accepting identity documents like a national identification or passport, or by requesting a signal through another confirmed account like posting a password in a twitter feed. There is wide variation in the quality of these processes and in general the entire system is shaky. Despite its problems, I do not think it is worse or more prone to harm or problems than what is common practice elsewhere, and for other reasons, I think that despite the problems this is a safer system for all involved. Still - we are approaching the time to modernize this. Modernization could start with documenting what happens now, what the user need is, and what our technical options are for a different way. If we had that information then we could convene a discussion. Without that information it is challenging to have a discussion.  Blue Rasberry  (talk)  18:41, 9 February 2019 (UTC)

About this document
I started this page, Identity verification, to publish and establish as common knowledge that no practical documentation on identity verification exists. I wanted to list what documentation exists on certain fringe cases, and to create a hub for the eventual creation of documentation, but I have no conscious agenda to guide the documentation to any particular end except development.

I do wiki policy writing. Some relevant sectors in which I am active and where identity verification is an issue are in user misconduct, where I promote research and write policy; WP:OTRS, where I am an agent and participate in community governance; medical media, where I advise about when and how patient photos can appear as Wikipedia's medical illustrations; and institutional partnerships, where I train organizations to appoint Wikimedians in Residence / Wikimedia staff and have these people do identification on behalf of their organization for media uploads.

I am saying all this to share that clarity in the documentation would be useful for me on several fronts. Getting clear policy and guidance is not as important to me as being able to recognize what guidance exists. In lots of cases, the answer is none, and it is helpful for me to be able to state that as a way of orienting conversations and technical writing for process.

The really strange part about all of this is that identity verification is a routine practice in English Wikipedia, meaning that in a range of circumstances some Wikimedia administrative process requests that someone match their off-wiki identity to their wiki user account. This happens every day and has happened thousands of times and we have plans to continue this. However, there is no documentation about this, including discussion of whether we should do this, and if so how, and what to do with personal identifying information that is sensitive.  Blue Rasberry  (talk)  23:45, 9 February 2019 (UTC)

Venue: English Wikipedia, Commons, Meta-Wiki?
This documentation affects practices on various Wikimedia projects including English Wikipedia. Typically cross-wiki discussion happens at Meta-Wiki. Probably the biggest single stakeholder for this policy is Commons, so Commons could be a venue for this.

The reason why I posted this at English Wikipedia is because the English Wikipedia community is a major stakeholder in this. I made the claim on this talk page in the Uw-ublock-famous that I think at least 10,000 users have been recipients of that template since 2007. With that size of concerned users, I think I am justified in starting a discussion here. Besides those users, I think that English Wikipedia processes the most user misconduct cases and identity verification is a big part of that, even though those cases are private and challenging to count. I imagine there is another 10,000 of those cases in the past 10 years.

If policy were formed on Commons or Meta-Wiki then that would not settle the matter here, as policy for English Wikipedia has to be discussed here. I am advancing that conversation here with this documentation. Will anyone counter argue that this discussion should not happen in English Wikipedia?  Blue Rasberry  (talk)  23:45, 9 February 2019 (UTC)

Sorting as an essay rather than in userspace
I started this page in Wikipedia: space with an essay tag on it. I am indifferent about what tag label goes on top just so long as this documentation and talk page are discoverable if someone looks for them. In user space they would not be discoverable.

"Essay" is not the right fit, but it is the best label I thought to use. I actually originally labeled this with Information page by accident - that might have alarmed Risker - but I also tagged it as an essay. I am not trying to force any particular policy on anyone, but rather set a place to discuss this issue and be a hub for whatever related policies exist. Again, userspace is not right to build out documentation collaboratively.  Blue Rasberry  (talk)  23:45, 9 February 2019 (UTC)

Need for clarity
Currently this documentation says that no practical documentation exists. If I am mistaken then someone can show the existing documentation.

I made an attempt to link to existing similar documentation and discussion. Other people can add and sort more.

I expect that it will take years to develop this documentation to a usable form because this issue is complicated and because there must be hundreds of people willing to argue about this. Reasons why there is no practical documentation on this issue include the following:
 * Touching identity is a legal issue. WMF lawyers govern parts of this but not all of it, and it is challenging to separate the difference.
 * We have very little technical able to manage identity verification, yet we are in the weird position of doing it often and continually on a scale of tens of thousands
 * Identity verification is often entangled with investigations of user misconduct, which many people find unpleasant to examine

I assert that there is no clarity to be found right now on this issue. I expect that if anyone convened a conference to address this then the documentation would advance but still have big unresolved issues to work on for years. I am comfortable posting all this now, even without clear instructions, to identify what we know and advance the discussion.  Blue Rasberry  (talk)  23:45, 9 February 2019 (UTC)

Merging this into the existing discussion
I linked a lot of existing discussions in the first draft of this documentation. I am unable to find existing documentation on the general process and circumstances of "identity verification". If someone sees that kind of hub already in existence then a merge might be necessary. I do not think this concept already exists in English Wikipedia, especially for documenting the many circumstances in which the Wikimedia community is already practicing identity verification. Can someone demonstrate otherwise?  Blue Rasberry  (talk)  23:45, 9 February 2019 (UTC)

Discussion about this information elsewhere

 * Village_pump_(policy)
 * Wikipedia_talk:Harassment
 * Wikipedia_talk:WikiProject_LGBT_studies

 Blue Rasberry  (talk)  22:19, 17 February 2019 (UTC)

Cases

 * Talk:Jussie_Smollett


 * 2019060310006433
 * 2019031910009513
 * 2019061010007982
 * 2019062710006531
 * 2019080110008217
 * 2019080110007334 - unusual, because no template on user talk page
 * 2019091210006812 - not sure why this person asked
 * 2019120210005201
 * 2020011610008931
 * ticket:2020011510000637
 * ticket:2019110310003293
 * ticket:2020011510000637 - an academic requests that Wikipedia call them only by one name. The argument is that global publishing databases pull data from Wikipedia and if Wikipedia has various versions of their name then their professional reputation would be harmed. Their fear of algorithmic bias is warranted, but personally, I think the multi-billion dollar academic publishing industry has more responsibility and control here than Wikipedia. Still - many, many academics as bad to use and good to blame.
 * ticket:2020022310004232
 * ticket:2020021010002241
 * ticket:2020041710010895 user asked to post to twitter to verify identity on a Wikipedia account
 * ticket:2020060110008996
 * ticket:2020061110009351
 * ticket:2020061610009001
 * ticket:2020062410004723
 * ticket:2020062310010316
 * ticket:2020070110004149
 * ticket:2020070310007179
 * ticket:2020071310005732
 * ticket:2019121710006066
 * ticket:2020072310000094
 * ticket:2020072710007017 -- identity verification not necessary.
 * ticket:2020083110000988
 * ticket:2020090210007104
 * ticket:2020092910019631
 * ticket:2020100510010646
 * ticket:2021010810008196
 * ticket:2021012010001535
 * ticket:2021012310006776
 * ticket:2021020910007077
 * ticket:2021030110014287
 * ticket:2021040810010089
 * ticket:2021040810010089
 * ticket:2021041910012995
 * ticket:2021050310003639
 * ticket:2021070310002145
 * ticket:2021121510011013
 * ticket:2022011210008882
 * ticket:2022022810011515
 * ticket:2022022810008789
 * ticket:2022082610005855

In these tickets, someone writes in to attempt to do identity verification.  Blue Rasberry  (talk)  20:58, 14 June 2019 (UTC)


 * Seeking support from others
 * User_talk:Someguy1221
 * User_talk:Dave_Stockwell

Seek documentation from template management talk page
I think that Uw-ublock-famous is the origin of most Wikipedia community requests for wiki account holders to perform identity verification to the Volunteer Response Team. That template does not have its own talk page, and just redirects to Wikipedia talk:Template messages/User talk namespace.

The only prior discussion that I find for this template is
 * Templates_for_deletion/Log/2008_June_20

I recognize "Wikipedia talk:Template messages/User talk namespace" as the current jurisdiction for discussing this template because currently, this is the template's talk page. However, I think the community there is more interested in user namespace template mechanics and not social issues like identity verification. For that reason, I would like to move identity verification policy discussion to here.

I am cross-posting at that forum to ask if anyone knows of prior discussion on this issue and to get opinions about moving all discussion on identity verification to here.  Blue Rasberry  (talk)  11:41, 4 June 2019 (UTC)
 * I agree with your analysis, conclusions, and proposal. I can also confirm that there are confused recipients of that template/block, and that the current docs on this project page are very confusing. Quiddity (WMF) (talk) 23:02, 2 August 2019 (UTC)

Better advice for editors
I'm not sure how I stumbled across this page, but I would like to discuss how I can help improve it.

My motivation is twofold:
 * 1) I handle a lot of such requests at OTRS (I'm currently involved in two at the moment) and it is my opinion that the general advice of editors to send people to OTRS ought to be modified.
 * 2) Given our policy of not permitting scans of typical identity documents such as drivers licenses and passports, verifying identity is challenging and I'd like to see us sort through acceptable approaches in an organized way so that those cases that legitimately belong at OTRS can be handled by knowledgeable agents

I see you've gotten some pushback on this proposed guideline, and if I'm reading the history correctly, you were actively working on it but have taken a pause.

It's my observation that many inquiries to OTRS occur when someone creates a username matching the name of the person about whom we have a biography, and someone believes that the best next step is to send them to OTRS. it is my opinion that this advice ought to be modified, so one of the early steps is for you and I and other members of the community to determine whether my view on this is valid.

It is my guess that 90% of the time that Jane Doe creates the username "Jane Doe" and edits the article with the same name, that person has created the username for the sole purpose of editing that article and is unaware of Autobiography. My experience is that once they become aware of this limitation, they are much less likely to be interested in going through the verification process.

It is my speculation that Jane Doe wants the username "Jane Doe" (as opposed to a pseudonym) because she presumes that this will carry more weight when editing the article "Jane Doe". If she knew that this were not the case and in fact should not be directly editing the article about her, the interest in verifying her identity drops considerably. We are wasting the time of editors and potential editors and OTRS agents when we give such advice.

If we are on the same page, I'd like to figure out how to make that point to editors, which might include making it prominent in this potential guideline.-- S Philbrick (Talk)  19:19, 18 January 2020 (UTC)
 * As follow-up, item 2 ought to be carried out in OTRS documentation probably not here, although some discussion about acceptable forms of identity probably does belong somewhere in Wikipedia. S Philbrick (Talk)  19:21, 18 January 2020 (UTC)
 * Yes, I agree, we have no special privilege for anyone who wishes to edit Wikipedia articles which feature them as a subject. Many people are under the misconception that, for example, a person has overriding editorial control of the Wikipedia article which features them. Anything we can do to communicate that is beneficial.
 * However, why not dissuade people entirely from confirming their identities? Why is identity verification a service which Wikipedia should offer and mediate at all? I can understand that some people may wish for this service to be available, but the Volunteer Response Team as a community decides what to offer. What use is it for the VRT to offer this service in any routine context?  Blue Rasberry   (talk)  20:08, 18 January 2020 (UTC)
 * , Talk about thinking outside the box! That is one option, maybe after I let it percolate I will support it. At the moment, I'm thinking we could solve roughly 90% of the problem by informing them that is the subject of an article, that not only don't have special authority, they have some limitations.
 * My slightly less the than nuclear option is to change the template we use when we identify a problematic username, tell them about autobiography and/or COI or both then tell them if they'd still like to edit, they should choose a pseudonym, and we can help them with that, and if they still think they'd like to register their real name, we can identify a list of acceptable identification options (verified twitter account, email address associated with an organization known to vet their email addresses, verified control over a website registered to them etc.) and if they aren't on the list, then pseudonym is the only option; we shouldn't tear our hair out to come up with another solution. S Philbrick  (Talk)  20:42, 18 January 2020 (UTC)
 * Hmmm... a few thoughts: yes, we could likely be upfront with people about how little they can edit their articles per COI... but, there are many cases where people create accounts of famous people's names (sometimes being that person) and the only way to ensure we aren't allowing impersonation (a rather important thing) is to have them verify their identity. The only way I know of right now to do this is to have them email us from an official address, or for them to email us from a gmail type address but then also ensure that email is listed somewhere they own publicly. For most people who are current or recent past notable, these types of ID verification are pretty simple (people notable before things like twitter or personal websites existed however is where it gets a little rougher). I also think that there is some benefit to our community when they can know what level of COI editor they might be dealing with, so there is the unmentioned benefit of saving some of our editors' time and ensuring our COI policies are properly enforced. So, even though the article subject might lose interest in the verification process if they know the limitations... it is technically a thing that benefits our editorial community (especially on articles that aren't watched that much). To User:Bluerasberry, I will note there is one thing that people can request as an article subject that otherwise cannot be requested: WP:BLPREQUESTDELETE... so technically there is at least one "special privilege" that such people have. Of course, those requests can also be handled directly by OTRS instead of requiring the article subject create their own account... but, I'm more referring to the cases where they create those user accounts before ever contacting OTRS. And on a final note, I don't think that most such people are going to be looking through our policies to find such stipulations before they create an account with their name... so I also don't know that it would help even if we decide to explain some of this in policy. As all I see coming from informing people after they contact OTRS, is a lot of blocked accounts that just linger around... then the person who ended up blocked just editing from an IP address or creating another account and not using their name... which then creates a blind spot for our editors. In short: decent ideas, but I think they would create more hassle for our editors then they would save for our VRT members. (As far as overall making the rules clearer for our agents to deal with such issues: I'm always for that, and that stands separate to my overall reply to the idea of lowering the amount of ID verification conducted.) — Coffee  //  have a ☕️ //  beans  // 20:58, 18 January 2020 (UTC)
 * Hmmm... a few thoughts: yes, we could likely be upfront with people about how little they can edit their articles per COI... but, there are many cases where people create accounts of famous people's names (sometimes being that person) and the only way to ensure we aren't allowing impersonation (a rather important thing) is to have them verify their identity. The only way I know of right now to do this is to have them email us from an official address, or for them to email us from a gmail type address but then also ensure that email is listed somewhere they own publicly. For most people who are current or recent past notable, these types of ID verification are pretty simple (people notable before things like twitter or personal websites existed however is where it gets a little rougher). I also think that there is some benefit to our community when they can know what level of COI editor they might be dealing with, so there is the unmentioned benefit of saving some of our editors' time and ensuring our COI policies are properly enforced. So, even though the article subject might lose interest in the verification process if they know the limitations... it is technically a thing that benefits our editorial community (especially on articles that aren't watched that much). To User:Bluerasberry, I will note there is one thing that people can request as an article subject that otherwise cannot be requested: WP:BLPREQUESTDELETE... so technically there is at least one "special privilege" that such people have. Of course, those requests can also be handled directly by OTRS instead of requiring the article subject create their own account... but, I'm more referring to the cases where they create those user accounts before ever contacting OTRS. And on a final note, I don't think that most such people are going to be looking through our policies to find such stipulations before they create an account with their name... so I also don't know that it would help even if we decide to explain some of this in policy. As all I see coming from informing people after they contact OTRS, is a lot of blocked accounts that just linger around... then the person who ended up blocked just editing from an IP address or creating another account and not using their name... which then creates a blind spot for our editors. In short: decent ideas, but I think they would create more hassle for our editors then they would save for our VRT members. (As far as overall making the rules clearer for our agents to deal with such issues: I'm always for that, and that stands separate to my overall reply to the idea of lowering the amount of ID verification conducted.) — Coffee  //  have a ☕️ //  beans  // 20:58, 18 January 2020 (UTC)

Propose to suspend checks of identity cards
Wikipedia volunteers, including WP:Volunteer Response Team agents should suspend all processes which require the private examination of a personal identification card. I am not sure how often this happens. There is an existing user demand, mostly from people who do not understand Wikipedia, that they would like to email copies of their ID cards to us. I propose to discourage this practice and suspend any process which depends on a Wikipedia volunteer's private examination of an ID card. Identification cards include Reasons for not allowing this include
 * passports
 * government-issued ID
 * school or employer ID
 * 1) These documents are private, sensitive, and require security
 * 2) There is no training in place for volunteers to do this
 * 3) We do not have secure software in which to view these documents

Unless someone argues that Wikipedia volunteers need to see private documents, I would like to set a default practice that we do not ask for these and do not use them if people submit them in private. If someone wants to perform and document and extraordinary exception, then that might be okay, but anyone doing this should mark that they have transgressed a norm. If an individual service user really wants to show their identification, then they themselves can upload it to Wikimedia Commons or a similar public repository.

Is there anyone who will defend the need to scrutinize ID cards in private, if this even happens?  Blue Rasberry  (talk)  19:38, 18 January 2020 (UTC)


 * To 's list I'd add a fourth:
 * 4. We have no way to verify that the scan of the ID was sent by the subject of the ID.
 * - Cabayi (talk) 12:34, 6 July 2021 (UTC)

Reconsider Wikimedia Commons permission verification
In Wikimedia Commons sometimes Wiki volunteers seek additional verification that a copyright holder has applied a free copyright license to a file. Examples include media collections from institutional partners, previously published photos, and works of professional individuals.

By default, we developed a practice of withholding the identity of the individual copyright holder. The permission process considers two classes of uploaders in Wikimedia Commons: uploads from Wikimedia account holders who are logged in, and uploads from third parties whose files enter commons through a Wikimedia account holder. If a file has no label indicating otherwise, then the system reports that the Wikimedia account holder who uploaded the file is the copyright holder. Wikimedia account holders get certain rights, including the right to use their account name as a pseudonym, and no one is proposing to modify the way that works.

If there is an upload from a third party, then anyone can upload that file, but we require email or other sort of permission from the copyright holder in a special document and process described at commons:Commons:OTRS. By default, and for reasons which I think exist in no public record, when we do third-party verification, we are currently withholding the information from the identity verification process we use to confirm permission from the copyright holder.

I propose to have a new default in this process, which is that instead of keeping the identity of the copyright holder private by default in the permission verification process, we instead make it public by default. If we did this then the public could scrutinize the validity of the copyright permission. Also, we would shift the thin process for identity verification from private volunteers to the crowdsourced community.

Here are some problems with the current system:
 * 1) A user wishes to double-check that a copyright license is valid. This person simply has no recourse except to ask an agent to check it again in private, and get a yes/no answer. We will not tell anyone who is claimed to have granted copyright permission, and how we verified their identity, and whether they had an agent represent them or whether we talked with them directly, or any measurement of certainty that our documentation is true.
 * 2) Suppose that a museum of other institution donates a photo collection. Someone wants to know who to contact at the museum to ask about rights to the photos. Right now, our process is that we will not reveal the identity of the person who applied a free copyright license, not to the museum itself, or to archivists or researchers, or anyone in the Wiki community. No museum or institutional partners has ever requested identity security, yet we practice this by default for no apparent reason. Instead of reporting, "permission verified", we should say "Jane Doe at Art Museum verified by the standard form", or similar.
 * 3) The email process is antiquated anyway. People can edit the email permission to change things and we do not do version control on the forms we receive. By having this private system of verification, we get blocked to innovate and change for example to automated forms with standard language. Having humans look at our pseudo-legal forms which the user can modify is not a scalable practice. If instead copyright holder and parts of the verification process could be public, then we could use forms which put the information we collect in the metadata. This should include the identity of the copyright holder by default. We could invite people to verify some things with email address and publish that, because that works for many museums, schools, governments, and other institutions with a domain address which they should like to share publicly on their media.

If we advance this conversation we have to go to Commons. For now, here, I want to check thoughts of others about reducing our identity verification practices. Thoughts?  Blue Rasberry  (talk)  20:03, 18 January 2020 (UTC)

Reverse situation
This page is about people showing identification to Wikipedia.

Here is the opposite situation, where someone named John Torode uses Wikipedia as proof of identity.

I suppose there is no relationship between the two practices, but I thought I would drop this here.  Blue Rasberry  (talk)  21:38, 6 February 2020 (UTC)

Ping to Unblock Ticket Request System

 * Wikipedia_talk:Unblock_Ticket_Request_System

 Blue Rasberry  (talk)  12:33, 24 June 2020 (UTC)

Questions on your draft (and the process in general)
and others, I was looking to various website's "verification" processes for any other verification processes that we could add. Unfortunately, all of them seem to be quite cryptic or boil down to providing some form of identity:
 * Twitter has shut down it's verification program (when it was functional it required an ID)
 * Youtube uses a cryptic verification program that it hasn't released
 * Facebook and Instagram require an ID
 * Interestingly, Spotify requires no form of identity for a "blue checkmark" on artists. Don't know why this is.

The problem I see (and I presume the point of this draft proposal is) is that Wikipedia doesn't want "popular" users to be verified: it's about new editors with the usernames of famous people, or confirming identity via OTRS to trigger BLPDELETE.

On regards to identity verification, here are some of my thoughts:
 * 1) Not currently listed in the essay are some of the current practices. I think these should be listed so other editors not on OTRS can give input. Specifically, that is having a verified social media account (in any form), or having an email address associated with a credible domain. That is, .edu, .gov (or any government domain), or a website that seems to be credibly associated with the person.
 * 2) Following that, I suggest we make it a new practice to check the whois data on the website associated with the person. Any website very recently created (say, in the last year) should be suspicious and a tell-tale sign of a possible hoax. It is quite easy to create impersonation websites, just as it is easy to create impersonation social media accounts (which preventing is the whole point of verification).
 * 3) It would probably be necessary (and at some point we should, I suggest sooner rather than later) ask for WMF-legal's opinion on the legality of processing legal IDs. Currently, the highest level of user trust for solicited private information for non-employed staff is oversight (and I suppose whatever goes through the stewards queue), as they can view any personal information that was added in oversighted edits. But in my opinion legal IDs go a step beyond that, because real, lasting damage can be inflicted to someone with possesion of those IDs. If such a system was created, I think the IDs should be deleted after a certain point in time. Indefinite storage of such IDs is just begging for a rogue user to leak everything.
 * 4) On that point, there exists non-legal IDs, such as university cards (that still have photo identification), that are linked to a public authority. Could these be viewed as a valid form of indentification in the face of not being able to process legal IDs? My opinion on the matter is yes, as long as along with the ID they provide has some sort of numerical ID which could, upon controversy (by that I mean tangible doubt that the user is actually who they say they are), be queried to the authority for verification.
 * 5) For academics, I like the idea of using ORCID (as linked on the essay). On one's ORCID profile, one can add a "social link," under which a Wikipedia profile could be posted. The only thing is that most academics already have institutional emails, so this is kind of a moot point.

These are just my thoughts when I read this essay. , you wrote this essay over a year ago. I see that very little people have participated in the discussion, but I'll try to in the future. Hopefully, this process can reach some sort of resolution, and not die out. Sam-2727 (talk) 03:17, 29 June 2020 (UTC)
 * Thanks yes you understand the situation.
 * About documenting best practices - as you found, the other major websites decline to document their best practices. After all these years and so many websites doing this, the lack of public documentation itself seems like a best practice adopted by experts.
 * Checking Whois data or any other details of identity verification follow the confirmation of best practices. I am not sure what would happen if we had that discussion.
 * About asking WMF Legal - increasingly, a lot of Wikimedia community answers are converging to "involve the WMF". When the WMF gets involved, they hire 3 non-wiki people @ US$100k/year each to interview volunteers from an outsider perspective of what should happen. The WMF has a place but my preferred role for them is inviting them in to an established community discussion which already has some consensus. Eventually I would like for the Volunteer Response Team to have regular online meetings, which I think people would join and would be popular (1 hour, every 1-2 months for English language?) but it takes capacity to set these things up. I support legal involvement but an outcome which I do not want is WMF taking over the volunteer leadership roles. If there are no documented best practices confirmed, legal does not have more to review than we do. I have the idea that 5 volunteers talking for an hour would get more progress at this point than bringing in legal or new consultants in several months.
 * Same as #2 - if agreed to confirm a process then this would be a detail in it. I think confirming the existence of a process will be more difficult than any of its details.
 * I think this issue can sit for some years. It is important but not urgent, as it has been pending since 2007 when identity verification first began.  Blue Rasberry   (talk)  11:07, 29 June 2020 (UTC)
 * , thanks for the quick response. To expand on your case studies, I found quite a few verified accounts on Wikipedia and documented their practices: otrswiki:User:Sam-2727/Verified accounts. That's fair at this point legal isn't needed. I just think at some point it will be necessary, particularly if bringing in identification verification. Do you think the next step, before creating an official enwiki policy, would be to create an easy to follow guide/list of steps on verification on OTRS wiki (following current practice with checking email addresses)? From the accounts I studied, it seems that one of the major problems is either agents asking for too little or agents asking for too much information. In some cases, a legal ID was still asked for even though this isn't supposed to be asked for. Sam-2727 (talk) 17:13, 29 June 2020 (UTC)
 * Also with respect to identification, it seems that some people send such identification unsolicited. I think the block template could be modified to reflect more of what people will be asked to provide (i.e. not a legal I.D. but just some sort of official email address/account). Sam-2727 (talk) 17:15, 29 June 2020 (UTC)

Wikipedia as the authority for identity verification


 Blue Rasberry  (talk)  20:10, 8 December 2020 (UTC)