Wikipedia talk:Sockpuppet investigations/Archive 14

Sockmaster Kalki going for sysop at en.wikiquote
Sockmaster Kalki going for sysop at en.wikiquote:


 * 1) Prior history by at https://en.wikiquote.org/wiki/User:FloNight/Kalki
 * 2) Chronology and restrictions noted at https://en.wikiquote.org/wiki/User:Kalki/Restrictions
 * 3) Current ongoing RFA at https://en.wikiquote.org/wiki/Wikiquote:Requests_for_adminship/Kalki_(3rd_request)

Notifying here as it is directly relevant when a sock master with over 200 plus sock farm seeks rights of trust such as sysop.

Thank you for your time,

&mdash; Cirt (talk) 17:08, 20 January 2014 (UTC)
 * I see this was collapsed. I've got no objections to that. I respectfully defer to the judgment by . :) Have a great day, &mdash; Cirt (talk) 18:03, 20 January 2014 (UTC)
 * I once again must thank User:Ajraddatz for a notification of the cross-wiki canvassing Cirt has begun doing against me, and his objections to it at Talk:CheckUser_policy where he states "A vote for local adminship should be up to the local community and not the meta one." I believe that anyone who looks into matters thoroughly will discover that Cirt has had a long history of cross-wiki harassment and defamation of me in various deceitful ways. Anyone interested in a few of my impressions of things can find some of them at User:Kalki/Chronology. This is not yet anything close to a completed work, and I intend to add to it extensively in the coming year, detailing some of the very unfortunate abuses and truly malicious deceptions I have witnessed in my many years of serving the honorable Wikimedia projects, as well as the notable and inspiring forms of progress. Blessings to all. ~ ♞☤☮♌Kalki·†·⚓⊙☳☶⚡ 21:15, 20 January 2014 (UTC)

Notification
Notification appears to be discretionary and the template for notification optional but If an editor decides to leave a comment on the talk page of the person for whom a Sock Puppet Investigation has been requested, should that editor mention this in one of the comment sections on the page for the open case in question? That seems appropriate to me, especially if the editor is involved in such a case as Clerk, CheckUser, and/or patrolling admin. Verso.Sciolto (talk) 04:15, 21 January 2014 (UTC) — Berean Hunter   (talk)  15:44, 21 January 2014 (UTC) — Berean Hunter   (talk)  04:52, 22 January 2014 (UTC)
 * Why? Anyone who is looking into the case will be aware of it by default.
 * For the same reason links are provided to specific entries / differences from articles, contribution lists and talk pages. Ease of reference and direct access to pertinent materials via one centralised location, for those reading about a case. A note in the comments will provide a link with a timestamp for a notification that may already have been archived. Do not know what you mean by default - there is no reference to such a notification that I can see, not when looking at the list of open investigations nor when looking at the page for a specific investigation either. Verso.Sciolto (talk) 04:29, 22 January 2014 (UTC)
 * By default, anyone who is looking at the case will have discovered such talk page notices themselves so there would be no need to state the obvious.
 * Thank you for your clarification but I disagree with your assessment. If I had thought it was obvious I wouldn't have left this suggestion. Leaving a notification or comment on a talk page is not the default. Since leaving notifications on the talk pages of editors for whom an investigation has been initiated is not done in all cases, and is in fact strongly discouraged by sock puppet investigators in most cases, a reader can't therefore expect that a comment will always be present on talk pages of those involved. It therefore seems appropriate to me, especially for a Clerk, CheckUser, and/or patrolling admin, to make note in the case record when they have left a comment on the talk page of the person(s) under investigation. A note in the comments for a specific investigation will lead directly to a specific entry in a talk page history/archive and will also inform those who don't have the talk pages on watch that there has been some activity in the public portion of an investigation and it will provide guidance for those who may check a closed case in the future after it has been archived. Verso.Sciolto (talk) 05:34, 22 January 2014 (UTC)

IP users
If one suspect a IP user to actually be an user under a different IP number which has also edited the article (without linking the accounts), whats is the appropriate action? Assume that the IP changed from being dynamic and talk to the user on their talk page and try get them to link the account, or is it better to let the administrators take care of it so the user do not feel accused by an other editor? I found that together with identical editing style, the geo-ip resolve to the same location and same ISP. Belorn (talk) 21:48, 27 January 2014 (UTC)

LanguageXpert IP rangeblock
I requested a range block on the IP range (39.32.x.x) used by the LanguageXpert in the last report I filed, but I am not sure if it was done as I still see his IP sock edit warring. This user edits a large number of articles so it is a cumbersome process to request semi-protection of each article separately and presenting a new case every time that is reviewed by a different admin. The issue is actually the edit wars LanguageXpert socks and IP socks get into, on most of the articles it is with Bhural socks (182.x.x.x) and possible meat puppets (41.x.x.x). So can someone please review it. -- S M S   Talk 05:06, 28 January 2014 (UTC)
 * , the range he uses is very busy, and far too many innocent editors would be inconvenienced if we blocked it. I'd like to be able to block it, but sadly, it won't be possible. ​—DoRD (talk)​ 13:12, 28 January 2014 (UTC)
 * Thank you for reviewing it. Seems like the semi-protection is the only way forward. -- S M S   Talk 18:40, 28 January 2014 (UTC)

Leoesb1032
Sockpuppet investigations/Leoesb1032 has not been processed in two weeks. Could a checkuser please take a look? Thanks. -- King of &hearts;   &diams;   &clubs;  &spades; 10:27, 29 January 2014 (UTC)

ACC backlog
Just a poke, ACC has 69 waiting requests, if anyone is available. Thanx   Mlpearc  ( open channel ) 18:36, 7 February 2014 (UTC)

Socks and masters
Hi, I have recently met a new account which is obviously a sockpuppet. However, connecting the account to a specific sockmaster is difficult because there has been some attempt to conceal the persona (the account is more interested in stalking adversaries than in inserting specific content), so I can see overlaps with two different well-established editors - and I'm sure those two are different people. So, this doesn't quite fit into the standard SPI approach where you name the sockmaster upfront - and I am always wary of falsely accusing people. What's the best approach to take here? bobrayner (talk) 15:01, 15 February 2014 (UTC)
 * , if you send me an email message with the account name and your suspicions, I'll try to advise you as to how to proceed. ​—DoRD (talk)​ 15:14, 15 February 2014 (UTC)
 * Thanks. I think there is a storm brewing offsite, and I expect more sockpuppets to appear in the Balkans soon - sorry for keeping you guys so busy! bobrayner (talk) 16:12, 15 February 2014 (UTC)

Scholarscentral
Any idea what the delay is on getting this one dealt with? Thanks. --JBL (talk) 14:48, 25 February 2014 (UTC)
 * It looks dealt with now. We're just extremely backlogged. NativeForeigner Talk 18:13, 26 February 2014 (UTC)
 * Yep, thanks! --JBL (talk) 19:53, 26 February 2014 (UTC)

Request for sock puppet data
I am a computer science Ph.D. student. Is there a list of sock puppets that have been identified? Srijankedia (talk) 23:42, 26 February 2014 (UTC)
 * I don't know of any specific list of sockpuppets, but you can find a list of cases here. ​—DoRD (talk)​ 17:32, 1 March 2014 (UTC)
 * Also, this category is a partial list of sockpuppets. ​—DoRD (talk)​ 17:36, 1 March 2014 (UTC)

Not sure who registered first but I know it is a sock puppet.
The user Shabir ali khan and Shabirdop are indeed the same user-but can't do a report as I don't know who registered first. Wgolf (talk) 06:57, 1 March 2014 (UTC)


 * Wgolf, Shabirdop was created on 28 August 2012 and Shabir ali khan on 3 January 2014. But have they violated the Sock puppetry policy? -- S M S   Talk 17:28, 1 March 2014 (UTC)

Thanks-and yes since the user Shabirdrop made a bio page for himself with the name Shabir ali Khan as well as edited that users page. It seems likely. Wgolf (talk) 17:29, 1 March 2014 (UTC)

Tagging IPs
You are invited to join the discussion at Wikipedia talk:Sockpuppet investigations/SPI/Administrators instructions regarding tagging IPs that are sock puppets.—Bagumba (talk) 07:12, 24 March 2014 (UTC)

Reminder to clerks
Please make sure that there is enough evidence that is clearly outlined before endorsing checks. If the CU has to go reading through the archives or contributions to determine if there is enough evidence, that is not a good use of their time, especially as we are quite short on CUs this week. --Rschen7754 07:35, 25 March 2014 (UTC)

Two SPIs that may need merging
Sockpuppet investigations/Turgeis/Archive is about copyvio from a book by Charles Esdaile. The latest round of Sockpuppet investigations/-Ilhador-/Archive is about pushing concepts from the game Europa Universalis into our articles and was seen as overlapping with Turgeis at the time. I can confirm that there is a clear overlap from editors and two IP ranges (at least). Dougweller (talk) 16:14, 30 March 2014 (UTC)

Staleness
I have seen several requests for CheckUser at SPI declined because the diffs have become "stale". When would a case become "stale" for a CheckUser to make an adequate check? There's been quite the backlog at SPI lately (with some cases unattended for almost two weeks), and what I don't want to have happening is a case to go stale because of it. Thanks, Mz7 (talk) 01:20, 6 April 2014 (UTC)
 * Generally, data used by CUs is only retained for a few months ("This information is only stored for a short period (currently 3 months), so edits made prior to that will not be shown via CheckUser." - CheckUser policy). That's generally what stale means in the CU context.--Bbb23 (talk) 01:31, 6 April 2014 (UTC)
 * I see. Thanks! Mz7 (talk) 02:17, 6 April 2014 (UTC)

Public record of log-in/log-out times
A public record of log-in/log-out times for all registered accounts would be a great tool for sock-hunters. This would discourage socking with proxy servers because SPI clerks could look for any suspicious log-in/log-out behaviors. I.e., Editor A is accused of socking with Sock B, but the log-in record shows that either both were commonly logged-in at the same time or that they were never logged-in at the same time. Editor A logs-in for 15 minutes and makes some edits, then they log out and 2 minutes later Sock B logs-in, causes some disruption, then logs out. Editor A then logs back in and resumes editing. If editors showed a pattern of this it could be one more tool for SPI clerks. Any thoughts? GabeMc (talk&#124;contribs)  17:32, 4 April 2014 (UTC)
 * That would have serous privacy issues, and be useless if different browsers are used. Werieth (talk) 17:36, 4 April 2014 (UTC)
 * Why would there be more privacy issues then keeping a public record of my edits? GabeMc  (talk&#124;contribs)  17:40, 4 April 2014 (UTC)
 * One can log in and have a profile, preferences and such without ever editing. It also may provide far more detail than editing. A user may login daily, check their watchlist and read stuff, but make only 1 edit per week. The logs of login/logoff would provide a very detailed guide to where the person lives. Also the remember me option would mean that A user could "login" once a month, and never log out. It can also be easily spoofed by using multiple browsers and logging in within seconds of eachother. It would provide very little concrete proof while exposing quite a bit more. Werieth (talk) 17:53, 4 April 2014 (UTC)
 * I guess you're right, but what about making these available only to SPI clerks and/or CUs? GabeMc  (talk&#124;contribs)  18:00, 4 April 2014 (UTC)
 * Given how un-reliable and easy to spoof this would be, its useless as a reliable tool. Werieth (talk) 18:15, 4 April 2014 (UTC)
 * Not completely useless (e.g. for dealing with sockmasters who aren't as...technologically inclined); the results just need to be taken with a grain of salt. I don't know exactly what CUs have access to, but I wouldn't be surprised if they could see this sort of info. 206.117.89.4 (talk) 19:15, 16 April 2014 (UTC)
 * They cannot. Someguy1221 (talk) 08:53, 18 April 2014 (UTC)
 * Yep, from my understanding, only stewards who check login.wikimedia.org would be able to see that sort of information. Is that right ? Callanecc (talk • contribs • logs) 12:31, 18 April 2014 (UTC)

Unsure if I should open an SPI
I'm kind of concerned over the edits by some editors. I've noticed a lot of various different hoax articles about Beyonce, usually under the name "Mrs. Carter". I can't remember all of them, but they've all sort of been along the same lines, such as The Mr. & Mrs. Carter World Tour ‎, The Mrs. Carter Show World Tour starring BEYONCÉ LIVE!, Beyoncé: Mrs. Carter, The Flawless World Tour, and so on. I'm not entirely certain that they're the same person, but I've noticed a specific trend lately and many of them will have the same MO, where they make a few edits, introduce a hoax article about Beyonce and then sort of skedaddle. Other than most of them sharing the term "Mrs. Carter", I'm not entirely sure that they're the same person, so I don't entirely feel comfortable making a SPI about them since I don't really have a lot of tangible proof that they're the same person, especially given that Beyonce is so publicly recognizable and thus likely that several people might want to create a hoax about her. (Which is why I'm not listing their usernames here.) Anyone have any opinion about this? I could swear that there are a few more out there, but I can't for the life of me remember which ones they are. Tokyogirl79 (｡◕‿◕｡)   08:10, 20 April 2014 (UTC)


 * The worst thing that could happen with a SPI in a case like this is that it is closed as inconclusive. The best thing that could happen is that you've busted up a sockfarm. It seems that you have reasonable cause to file one. If you need help filing it, throw me some names and I'll be happy to volunteer some assistance. Doc   talk  09:08, 20 April 2014 (UTC)
 * Can do! I'll start compiling a list. I just get this feeling that there's one or two people behind this. Tokyogirl79 (｡◕‿◕｡)   09:15, 20 April 2014 (UTC)


 * Actually... upon some really, really deep searching, I think that these might be socks of User:GagsGagsGags, who seems to be the one I was thinking of that was making similar pages. I'll make a page under that username. I have a feeling that they might be the same, so it's a good thing you encouraged me! Tokyogirl79 (｡◕‿◕｡)   09:25, 20 April 2014 (UTC)

Pirelli Brasil?
Hello, I've found this, but I don't know any edits to prove that it happened. Any suggestions? --NaBUru38 (talk) 00:29, 1 May 2014 (UTC)
 * Seems fake. I looked at some of the files they show in en-wiki (where they claim to have done this), pt-wiki (which all the shown pages were in), and Commons. No sign of any corporate conspiracy. Given that, I'm not sure of the intent of the video... 206.117.89.5 (talk) 04:08, 2 May 2014 (UTC)

Possible SPI header refactor
I think the SPI header has a few issues, from where I stand, and I'd like to improve it a little. So this post is to get a bit of feedback on possible changes.


 * Issues with current page
 * 1) Two key points are bulleted; a third bullet is crucial to state: some evidence must not be posted on public wiki pages. Even good-faith users often don't know.
 * 2) Not clear enough that in most cases behavioral evidence is enough, hence technical is extra. Makes it sound like 2 investigations.
 * 3) Disproportionate space taken for CheckUser info. CU is 1/2 of header - it's both too much, and also still omits key points.
 * 4) Omitted crucial point that sock decisions do NOT mean we magically "know" they are the same, or allege fraud took place - a very common and much-resented complaint we could completely avoid! It means  for Wikipedia purposes we treat them as if under common direction
 * 5) Poor/very limited information on basic SPI stuff, mostly left as "look it up" rather than summarized in brief.

We have "open a new case" in a collapse box. Using collapse boxes works well here. I'd like to add 2 more, one about privacy, one about CU, and thenmove most of the CU info to the collapse box, which cuts down the main text and anyone interested in CU can read more below.


 * Current header


 * Draft rewrite to consider

Feedback welcome. FT2 (Talk 22:11, 3 May 2014 (UTC)

Thank you for thinking of this FT2, but your proposal is making things more complex rather than simpler. The only direction I'm willing to move at this point is "simpler". Risker (talk) 02:57, 4 May 2014 (UTC)
 * A collapse box labeled "privacy issues" is not going to confuse people. If you believe WP:OUTING matters then you might consider where else a user will learn of this upon visiting SPI, if they visit to report socking based on - unknown to them and apparently quite reasonably - material from a forum or facebook page they follow, or email they saw.


 * If non-admins can navigate the arcane click-throughs and forms to report a sock and the technical skills to collate diffs and behavioral evidence of socking, I'm sure a collapse box explanation that says "don't post these things on the wiki, report them by email" is valid and pretty darn simple. "Simple" is indeed helpful but so is balance with actual crucial needed-by-visitors information. I'd like to hear from people who aren't admins and CheckUsers first, before judging if we can do better, if that's okay. FT2 (Talk 12:10, 5 May 2014 (UTC)
 * To your last sentence: no, I don't think we should. Admins and checkusers are precisely the people that have observed, day in and day out, what works in this process and what does not. AGK  [•] 12:24, 8 May 2014 (UTC)
 * I'm sorry to see that attitude AGK, while you  may not be interested in the opinions of mere editors, the community as a whole disagrees. All the best: Rich Farmbrough, 13:47, 8 May 2014 (UTC).
 * I'm sorry you struggle to understand what I write. I said it is worth hearing from both checkusers and editors. You surely don't propose that checkusers are to be ignored and suppressed, do you? AGK  [•] 14:39, 8 May 2014 (UTC)


 * Absolutely not. We rewrote the header because it was so full of bloat and poorly-written prose that users of this process were completely ignoring what it said. This proposal completely overturns this effort and puts us back to the days when SPI and SSP were full of complex instructions comprehensible to nobody. TL;DR still counts for something, in our book. AGK  [•] 12:22, 8 May 2014 (UTC)
 * I'm not sure it's an improvement. I would like something to the effect that checkusers will not checkuser obvious socking, as this is something that has become lost in the last few years. All the best: Rich Farmbrough, 13:49, 8 May 2014 (UTC).


 * Let me work on an alternative draft for a bit. All the best: Rich Farmbrough, 13:55, 8 May 2014 (UTC).

I have re-drafted the top section of FT2's draft. It is comparable in length with (slightly shorter than) the version we currently use. All the best: Rich Farmbrough, 14:19, 8 May 2014 (UTC).

Backlog
I submitted a request at 01:17, 1 May 2014‎ and the request was endorsed at 14:02, 5 May 2014‎. And now awaiting a Checkuser. This does not seems to be working properly. Any thought?―― Phoenix7777 (talk) 08:44, 7 May 2014 (UTC)
 * Either more admins willing to block in more circumstances without CU confirmation but mainly more active CheckUsers. Callanecc (talk • contribs • logs) 14:06, 7 May 2014 (UTC)
 * Callanecc, what is the process of being approved as a checkuser? Are there still checkuser clerks? Liz  Read! Talk! 22:29, 7 May 2014 (UTC)
 * We appear to be down a couple of CUs due to RL commitments at the moment. Although has been doing the majority of the clerk heavy lifting and  has been helping out a lot on the admin side as of late, SPI would certainly benefit from having a few more active clerks and admins. Breakdown:
 * 47 cases requiring archiving (handled by clerks or willing admins)
 * 4 cases requesting CU (to be reviewed and endorsed/declined by clerks)
 * 5 checked cases (requiring follow-up and closure by clerks)
 * 26 open cases not requesting CU (can be handled by any willing admin)
 * 2 cases requiring further info from OP
 * Therefore out of 94 cases, only 10 require immediate CU attention. Information regarding Checkuser elections can be found here and information regarding clerking can be found here.--Jezebel's Ponyo bons mots 23:11, 7 May 2014 (UTC)
 * Thanks for the link, Jezebel's Ponyo . I didn't realize how much of the work here was done by clerks. Liz  Read! Talk! 16:19, 8 May 2014 (UTC)

Morning277 pattern?
Article New Relic: http://en.wikipedia.org/w/index.php?title=New_Relic&dir=prev&action=history August 10 2013 to September 10 2013. One suspected Morning277 sockpuppet involved. Account A adds lots of text. Changes lightly with the edit „make more neutral” after it was tagged. Account B removes advertisement tag two days later. Account C (banned: suspected Morning277) „cleans up” to make this version survive? Looks like Wiki-PR coordinated editing to me and matches their silicon valley client preference, too. — Preceding unsigned comment added by 188.104.94.195 (talk) 22:57, 7 May 2014 (UTC)

The following pages may need attention

 * 1) Sockpuppet investigations/Lilkunta/ I have moved this to Sockpuppet investigations/Lilkunta.  I believe the redirect could be speedied as  housekeeping if nothing links there. The investigation shoudl probably be archived as stale
 * 2) Sockpuppet investigationsAlexBrownGarcia should probably be deleted or hist merged to Sockpuppet investigations/AlexBrownGarcia and archived
 * 3) Sockpuppet investigationsChaosname should probably be histmerged to Sockpuppet investigations/Chaosname and archived
 * 4) Sockpuppet investigations Gareth Griffith-Jones I have moved to Sockpuppet investigations/Gareth Griffith-Jones should be archived as stale.  It may need a little tidying too.
 * 5) Sockpuppet investigation/NVanMinh I have moved to Sockpuppet investigations/NVanMinh. I don't believe any action is required.
 * 6) Wide surge 7 should probably be histmerged with Sockpuppet investigations/Wide surge 7 and archived as stale

The following SPI pages are on talk pages, and should probably be histmerged to Wikipedia space and archived as stale.


 * 1) Wikipedia talk:Sockpuppet investigations/Mukukv
 * 2) Wikipedia talk:Sockpuppet investigations/Richard Daft
 * 3) Wikipedia talk:Sockpuppet investigations/Jnc
 * 4) Wikipedia talk:Sockpuppet investigations/Himesh84
 * 5) Wikipedia talk:Sockpuppet investigations/78.144.236.198
 * 6) Wikipedia talk:Sockpuppet investigations/Thesomeone987

The following SPI pages are on talk pages, and should probably be moved to Wikipedia space and archived as stale.


 * 1) Wikipedia talk:Sockpuppet investigations/108.170.85.234
 * 2) Wikipedia talk:Sockpuppet investigations/Mankiw2

I have moved the following page from talk to Wikipedia space. It should probably be simply archived as stale.
 * 1) Wikipedia talk:Sockpuppet investigations/RussellHill 2013

Of course, feel free to revert the page moves I have made if you think it appropriate. All the best: Rich Farmbrough, 21:41, 11 May 2014 (UTC).


 * This page is a very old draft SPI in user space. I believe we have criteria for speedy deleting this sort of thing. All the best: Rich Farmbrough, 22:16, 11 May 2014 (UTC).


 * I have blanked the page, which seems both appropriate and sufficient. All the best: Rich Farmbrough, 08:29, 12 May 2014 (UTC).


 * (ec) Thanks, Rich. I deleted the redirects in the first section. I also deleted one of the cases because there wasn't anything to investigate there. I'll try to do something with the rest of them when I have some spare time. ​—DoRD (talk)​ 22:22, 11 May 2014 (UTC)

Missing SPI report?
I was looking into Danton's Jacobin and the accounts that were accused of being his socks (see Category:Wikipedia sockpuppets of Danton's Jacobin). But I searched the archives and can find no documentation on the investigation that was done. Can you direct me to the correct page? There must be some record, just in case future socks appeared, so they could be added to the report. Liz <sup style="font-family:Times New Roman;"><b style="color:#006400;">Read!</b> <b style="color:#006400;">Talk!</b> 15:22, 11 May 2014 (UTC)
 * It doesn't appear that a formal investigation was done, but that isn't particularly unusual. There are is an archived ANI discussion regarding the editor, though. ​—DoRD (talk)​ 22:03, 11 May 2014 (UTC)
 * I didn't realize that, DoRD. It seems like it would be useful to have a page listing all of the socks, for future reference. Thanks for the link. Liz  <sup style="font-family:Times New Roman;"><b style="color:#006400;">Read!</b> <b style="color:#006400;">Talk!</b> 20:35, 16 May 2014 (UTC)


 * Ironically, a page listing all the suspected and proven socks is usually not all that helpful at all after a year or so, particularly if it includes IP addresses. As an ever-increasing percentage of non-institutional IPs are dynamic, and the geographic ranges covered by IP ranges expands in many countries (US and UK in particular), it is rare that a non-institutional IP address is not reassigned at least every few months.  I really wish people would stop including IP addresses in the "Category:Socks of xxxx" pages, and would love to see someone come up with a bot to remove the tags and categorizations from IP user pages after, say, six months.  By that time, even when it's an institutional, truly static IP, it is almost guaranteed that if someone is editing from that IP, it is not the person who caused the trouble.  Risker (talk) 03:09, 21 May 2014 (UTC)


 * That's been tried recently (a bot IP sock tag remover), and it was met with some... resistance. It would probably take a RfC to approve such a thing. I know I'd oppose it again: as it would remove my ability to track pests like, who only uses IPs now and was recently active using an IP that only he has used since October of last year with  Doc   talk  03:50, 21 May 2014 (UTC)
 * Of course we are short of people to run such bots. A related (and consensus) proposal (old IP warning) struggled to find an implementer at BOtreq recently. All the best: Rich Farmbrough, 03:39, 22 May 2014 (UTC).

Table
The existing table has some odd entries for status, that actually reflect an action taken for example close. Also run-together statuses like cudeclined and cumoreinfo. I propose the following status strings.


 * Declined
 * Declined (CU)
 * Endorsed
 * On hold
 * On hold (CU)
 * Requires more info
 * Requires more info (CU)
 * In progress
 * Relisted
 * Completed
 * Closed
 * Awaiting checkuser
 * Awaiting administrator
 * Open

These are implemented in and an example is at Template:SPIstatusentry/testcases. I also propose to ask Amalthea to use the phrase "Time stamp" for the time columns instead of "timestamp".

All the best: Rich Farmbrough, 22:13, 21 May 2014 (UTC).


 * Just as a summary, what would the difference be in terms of viewing the table on the main SPI page? Callanecc (talk • contribs • logs) 08:09, 22 May 2014 (UTC)
 * The entries in the "status" column would be made of real English words, with spaces in between them, that reflect the status. All the best: Rich Farmbrough, 13:07, 22 May 2014 (UTC).


 * Thanks just wanted to check that that's all would change. Sounds like a good idea. Callanecc (talk • contribs • logs) 13:12, 22 May 2014 (UTC)
 * As I have been used to the existing statuses for a long time, and so have the other checkusers and the SPI clerks and sysops, I oppose removing them (if that is what is proposed here). Otherwise, more failsafes are always a good thing. AGK  [•] 14:47, 22 May 2014 (UTC)
 * As long as the current parameters are grandfathered in I don't have a problem. Callanecc (talk • contribs • logs) 15:06, 22 May 2014 (UTC)
 * It doesn't affect what you put in the SPI reports at all, it simply makes the table more readable. All the best: Rich Farmbrough, 16:01, 22 May 2014 (UTC).

Arbitration Committee review of procedures (CU & OS)
By resolution of the committee, our rules and internal procedures are currently being reviewed with the community. You are very welcome to participate at WT:AC/PRR. Information on the review is at WP:AC/PRR. The current phase of the review is examining the committee's procedures concerning advanced permissions (and the appointment and regulation of permissions holders). AGK [•] 11:22, 24 May 2014 (UTC)


 * Participate in this review

Time for non-CU investigation
A request for checkuser was declined at Sockpuppet investigations/ChildofMidnight, with the CU in question saying that it would have to be determined by behavior. How long does one of these generally go on? I can't remember previously participating in a behavior-based SPI, so I'm not clear if it will go for several days until a time limit, or if it's eligible to be closed now, or if it will keep going until an uninvolved admin comes along to close it. Nyttend (talk) 00:58, 24 May 2014 (UTC)
 * All SPI cases are behavioral based, actually. Even with CU, you have to pin behavior, not just technical link.  The problem is that this is a very complicated case involving two accounts with 25k plus edits. I looked at it myself, but I'm not fully objective here.  The behavioral work doesn't require a CU or clerk.  Any admin (or multiple) can and if they find a link, make the block.  Or pipe in and say "I don't think they are linked" if that is the case.  Dennis Brown &#124; 2¢ &#124;  WER  01:06, 24 May 2014 (UTC)
 * You can have all the "behavioral evidence" in the world, but if the sockmaster knows how to use proxy servers – like all the good ones do – you are just wasting your time with SPI and CU.  GabeMc  (talk&#124;contribs)  22:12, 25 May 2014 (UTC)
 * Not really relevant. With blocks to names, admin don't know the underlying IP, and regular IP addresses are easier to get than open proxies.  If a CU finds an open proxy (or an admin if the user is editing as an IP) then the proxy server is blocked for a year. If the behavior clearly matches, they are blocked, regardless of whether they use a proxy or not.  Dennis Brown &#124; 2¢ &#124;  WER  22:20, 25 May 2014 (UTC)

Kumioko archive
I have unblanked this page - the page is of interest, NOINDEXED and in an archive with a label saying "beware of the tiger". Another level of indirection does not help WP:DENY, it merely shows we are according the editor special attention. Moreover it is an invitation to fall into NPA traps. Describing an editor as "a minor banned, abusive user." is pretty silly on several levels. First it is engaging with the user. Secondly "minor" is calculated insult to the user, especially coming from an editor with less than 3% of the article edits. Thirdly calling them "abusive" is not helpful - we look to the archive for that information, not a blanking notice. Fourthly the status of the user (blocked, banned, in good standing) is dynamic, and documenting it in a blanking message smacks of personal involvement. All the best: Rich Farmbrough, 16:47, 16 May 2014 (UTC).


 * I have once again reverted a user blanking this page. I can see no consensus that archives should be blanked, except (rarely) as courtesy, and, as far as I know (and I have checked the current version of all archives,as of yesterday) we have never blanked per WP:DENY.  The implications of such a new procedure are far reaching, and should we decide to go down that route, a full community discussion is probably required.  Is  there any support here for the concept of blanking, per DENY, or is the archiving (which, if I remember correctly, became universal at least partly for DENY reasons) sufficient. All the best: Rich Farmbrough, 10:54, 18 May 2014 (UTC).


 * You clearly require a review of WP:BRD, because you quite obviously misunderstand it. When your Bold edit has been Reverted by another editor, the next step, if you continue to think the edit is necessary, is for you to Discuss it on the article talk page, not to re-revert it, which is what you did, and which is the first step to edit warring.  During the discussion, the article remains in the  status quo ante , which is what I returned it to.  Your additional revert is yet another step into edit warring.  BRD puts the onus on you to start the discussion and to build a consensus for the version you prefer. Thanks, BMK (talk) 11:10, 18 May 2014 (UTC)
 * Hmm. The real Bold edit was here. The Revert of that bold edit was supposed to lead to the Discussion, but it was just Reverted again less than an hour later without any explanation or discussion. DENY is not in itself a good enough reason to claim that the edit should stand without any further discussion, or that the revert becomes the "B" because some time has passed before the revert. Edit warring does not help either.  Doc   talk  11:40, 18 May 2014 (UTC)


 * Yes, Rich's action was the Revert not the Bold. It shouldn't have been rereverted without discussion. Liz  <sup style="font-family:Times New Roman;"><b style="color:#006400;">Read!</b> <b style="color:#006400;">Talk!</b> 14:52, 18 May 2014 (UTC)


 * There is certainly a "temporal" gray area when it comes to BRD and a previous status quo consensus. There's additionally the IAR factor in this case regarding DENY. IMHO, the BRD cycle on any page begins with the bold edit that changes the previous status quo consensus. Now, if an editor who legitimately objects to such an edit (a very key point) does not catch this bold edit "in time", and reverts it later, it's still just a revert; and not the starting point of the BRD cycle. To revert the revert of the bold edit without discussion, as was done in this case, is not quite in the spirit of BRD or consensus-building. Doc   talk  02:43, 19 May 2014 (UTC)

I can't think of any other time for a user like this that blanking is used so the full history should definitely be restored. In my opinion BMK is out of line to blank the page without discussion or at least checking with a clerk or CU first. Callanecc (talk • contribs • logs) 07:47, 19 May 2014 (UTC)
 * It's quite forgivable from BMK, a hapless non-admin like myself. And it's also very forgivable from . But as a admin and checkuser, AGK could best explain how DENY should trump consensus on this one. Doc   talk  10:31, 19 May 2014 (UTC)
 * I missed those edits from AGK, sorry BMK. This doesn't seem to be an appropriate use of rollback so an explanation would be even more necessary I think. Callanecc (talk • contribs • logs) 11:34, 19 May 2014 (UTC)
 * I checked that policy before rollbacking, and used it at the SPI in question under the provision for edits "by a misguided editor … provided that an explanation is supplied in an appropriate location, such as at the relevant talk page". Checking again, I see that that provision is reserved only for "widespread edits", which I confess is news to me. In any case, yes, an explanation is necessary: although I immediately commented at length on the talk page, I should have pointed to my comments in an edit summary before doing so. Sorry if my edit confused anyone. Thanks for your question and for pinging my talk page. AGK  [•] 11:22, 20 May 2014 (UTC)

So, then, what do people propose to do now? There is a closed SPI page for Kumioko, but any attempt to archive it right now would just mess up the archive page. I'm inclined to support restoring the archive page's content, and if edit warring continues, protect the archive page indefinitely against edits by non-admins. Comments? — Rich wales (no relation to Jimbo) 21:09, 22 May 2014 (UTC)
 * There seems to be consensus to restore the content. I doubt either of those who want it blanked would be foolish enough to re-blank it at this stage, and one of them is an admin anyway, so I see no point protecting it. All the best: Rich Farmbrough, 19:17, 26 May 2014 (UTC).


 * I propose to unblank the Kumioko archive page (restoring its pre-blanked content). The page is currently unprotected (the full protection expired a little over a day ago), and I propose to keep it unprotected (for the time being at least).  Does anyone object to my doing this?  —  Rich wales (no relation to Jimbo) 03:20, 27 May 2014 (UTC)


 * Just do it. Doc   talk  05:23, 27 May 2014 (UTC)


 * ✅. AGK  [•] 06:53, 27 May 2014 (UTC)

Enforcing requirement for diffs
Hello everyone.

Due to the frequent backlogs that arise here, which are caused by people filing requests that do not include the required evidence, we will be enforcing the requirements for checks appropriately. This means that all requests for checkuser need: So that's at least as many diffs as accounts, and around one sentence of prose. That's all. If you cannot provide diffs for some reason (e.g. the relevant edits are deleted and you're not an admin), explain why so that we know. Any requests not meeting this format will be summarily declined until such time that this evidence is provided, even if a clerk has endorsed it, as clerk endorsements do not negate the need to provide evidence.
 * 1) At least one diff is from the sockmaster (or an account already blocked as a confirmed sockpuppet of the sockmaster), showing the behaviour characteristic of the sockmaster.
 * 2) At least one diff per suspected sockpuppet, showing the suspected sockpuppet emulating the behaviour of the sockmaster given in the first diff.
 * 3) In situations where it is not immediately obvious from the diffs what the characteristic behaviour is, a short explanation must be provided. Around one sentence is enough for this.

Thank you.

--(ʞɿɐʇ) ɐuɐʞsǝp 03:22, 20 May 2014 (UTC)
 * What does "requests or checkuser" mean? Does it mean that you'll be strictly enforcing the requirements for both checkuser requests and non-checkuser SPI reports, or was this a typo for "requests for checkuser"? —Psychonaut (talk) 21:11, 20 May 2014 (UTC)
 * It would be the latter.--<b style="color:Navy;">Jezebel's</b> Ponyo <sup style="color:Navy;">bons mots 21:17, 20 May 2014 (UTC)
 * Sorry, that was a typo. I've fixed it. --(ʞɿɐʇ) ɐuɐʞsǝp 00:13, 21 May 2014 (UTC)

Notification of accused users

 * As a note, I'd like to also see evidence, at least on initial SPI, that the users involved have been notified and provided with a link to the SPI. Risker (talk) 05:27, 21 May 2014 (UTC)
 * Users should rarely, if ever, be notified of SPI investigations. Amplifies the drama and does nothing to help resolve the investigation.&mdash;Kww(talk) 05:42, 21 May 2014 (UTC)
 * I dunno. I've been doing a fair number of SPIs in the past several months, and there were several occasions where the basis for accusation was shaky at best. It's not to the project's benefit that "experienced" users can bring their opponents here to this little hidden location, and start brandishing "suspected sockpuppet" tags on some occasions; that's every bit as dramatic. It's really not that hard to come up with diffs that show two accounts are "editing the same" on any reasonably active article, sufficient to meet the minimal criteria as described by Deskana.  Risker (talk) 06:08, 21 May 2014 (UTC)
 * I didn't oppose diffs, but I certainly oppose routine notification. An accusation with a shaky basis should fail whether the accused is notified or not.&mdash;Kww(talk) 06:22, 21 May 2014 (UTC)
 * Required notification? I'd certainly oppose that. Our guidance is "(Notification is courteous but isn’t mandatory, and in some cases it may be sub-optimal. Use your best judgement.)" - if it can be sub-optimal it shouldn't be required. I agree that we generally need diffs, although there will always be exceptional circumstances where that's not possible or even perhaps desirable. Dougweller (talk) 13:44, 21 May 2014 (UTC)
 * Risker's "initial SPI" qualification is key. It should take exceptional circumstances for notification not to occur for the initial SPI. -- Neil N  <sup style="color:blue;">talk to me  14:14, 21 May 2014 (UTC)
 * Nope, not even then. &mdash;Kww(talk) 14:22, 21 May 2014 (UTC)
 * I don't think forced notification is a good idea at all. Typically, clerks or admin are able to quickly throw out the obviously bad faith stuff and delete the page.  Having the person there just asks for more drama.  Dennis Brown &#124; 2¢ &#124;  WER  18:05, 21 May 2014 (UTC)
 * Hm... I agree that it would be cool if a bad faith nom was rejected without the victim having to even know about it. But on the other hand having a consensus form before the victim can respond can lead to bad things happening.  The IP that appeared to sign his posts with the user name of a suspected sock just a few days ago is a case in point.  If I hadn't happened across it it might have been a behavioural shoe-in.  The IP should certainly have had the chance to explain.
 * We require notification in most places where an actionable complaint can be made, why not here? All the best: Rich Farmbrough, 18:46, 21 May 2014 (UTC).


 * When this topic was raised at AN, my response was: "Mandatory notification of SPI listings is akin to waving a red cape in front of a bull. The disruption a group of socks can generate in an investigation is a time-suck for clerks and CUs and only serves to provide the attention some of the sock masters crave. Will some socks show up at an SPI regardless of notification? Yes. Should we invite them there? No. Editors opening cases are given the latitude to use their best judgement to decide whether informing the potential socks of an open case is prudent. Making it mandatory only serves to add more bureaucracy to an already complicated process with minimal benefit and possible detriment. Would editors requesting CU assistance via IRC or email also be required to provide a mandatory notice to the suspected sock/master? The modus operandi of sockpuppeting is subterfuge, yet you are endorsing shining as much light as possible on those trying to limit the disruption quickly and quietly. If it's not apparent, I would oppose any mandatory notification." My opinion on the matter hasn't changed.--<b style="color:Navy;">Jezebel's</b> Ponyo <sup style="color:Navy;">bons mots 18:52, 21 May 2014 (UTC)

, accidental logout edits are pretty easy to spot and any admin would close the case quickly. That isn't socking. If user Bob1 is edit warring and gets blocked, then a new user Bob2 shows up and picks up where Bob1 left off, then an explanation isn't really required or even helpful, and only serves to slow down or add drama to the process. Most socking abuse is so obviously damaging that no explanation is needed. Other cases, a clerk will notify the user and ask for an explanation, maybe it was an ugly freshstart, etc. When I clerked, I notified the accused from time to time, other clerks do as well. You have to rely on admin and clerks using good judgement. Same for editors when they make the report. In the end, it is easier to figure out that someone is innocent if there isn't 10 pages of back and forth bickering and drama on the page, and the environment is calm. What you don't want is for SPI to look like ANI, but with CUs. Dennis Brown &#124; 2¢ &#124; WER  21:07, 21 May 2014 (UTC)
 * The case in question wasn't editing logged out, it was actually a cut and paste, that was misinterpreted. Sockpuppet_investigations/Eracekat/Archive  Both the reporting editor and the clerk who endorsed are respected, intelligent and experienced.  Of course my intervention made little effective difference, just saved an out of process check-user from being done, but it does show that there exist good faith, superficially convincing cases which the "accused" could quash with a word.
 * Your arguments about drama etc. are well founded. They apply equally well to AN/I though.
 * I am against making anything compulsory - but traditionally the community has always opted for notification on this type of board. We do have Echo now which renders the "bureaucracy" argument moot.
 * All the best: Rich Farmbrough, 21:56, 21 May 2014 (UTC).


 * I don't think Echo is triggered by opening an SPI. AGK  [•] 14:45, 22 May 2014 (UTC)
 * I was surprised to see the IP added. I didn't want to remove it but should have commented., I appreciate your comments there and your kind words about me above. But I agree strongly with Dennis's post above. Dougweller (talk) 16:07, 22 May 2014 (UTC)


 * If the template is used it does the trick the way we have default echo set up for new accounts (see picture). All the best: Rich Farmbrough, 18:20, 22 May 2014 (UTC).


 * Echo notifications aren't triggered due to the signature requirement and how the Echo parser works. Legoktm (talk) 09:13, 27 May 2014 (UTC)
 * Can you explain that in more detail? This edit successfully alerted me, and most SPI's are signed. All the best: Rich Farmbrough, 12:05, 27 May 2014 (UTC).


 * It depends on how you sign it. The default SPI template should not trigger notifications last I checked. Legoktm (talk) 19:16, 27 May 2014 (UTC)

A different approach
Every time an SPI is filed it empowers the sockmasters by teaching them what sock hunters look for. recently opened an SPI that included no evidence, so closed it summarily. Indopug was; however, correct that the user was a likely sock, and in fact anyone familiar with this SM knows what to look for even if others, like AGK, do not.

Maybe Wikipedia should consider a new approach. What if we designated a class of admins as "sock hunters". Editors could e-mail the SH with evidence, and when the SH feels that a case is strong enough they request a CU. This would eliminate the SPI "training course" that does little more than teack them how to not get caught. SPI also seems to violate the principle of WP:DENY, since the attention that they gain through SPI might even encourage their behaviours. Any thoughts? GabeMc (talk&#124;contribs)  19:38, 25 May 2014 (UTC)
 * Sounds like a great way to create superadmin with no oversight that can block anyone without proving anything ;) But seriously, most of the real connection methods are kept secret, the investigation shows only the most obvious stuff.  Clerks and admins discuss cases offwiki and don't disclose their more fancy methods here, only enough to establish a link.  WP:ADMINACCT kind of requires that enough info is provided to show they are linked.  Accountability is more important than any single sock. As for CUs, they quietly make blocks all the time, but they have oversight from Arb and are held to a pretty strict standard for using the CU tool.  Because they can connect names and IPs with the tools, WP:OUTING demands they do some things quietly.  I think the main problem is a shortage of people patrolling rather than methods.  Of course, that is just my singular take. Others may feel differently.Dennis Brown &#124; 2¢ &#124;  WER  20:52, 25 May 2014 (UTC)
 * Well, admins already block without reason or explanation and without concern for recourse, of which there is none, and this is beyond one person and one sock. MrWallace05 has been disrupting the project under various forms for more than two years. But, there is always someone to say that everything here is good and fine and nothing needs improvement. Here's to protecting the disruptive vandals and making good-faith editors "deal with it". GabeMc  (talk&#124;contribs)  21:14, 25 May 2014 (UTC)
 * Of course there is recourse and accountability, as imperfect as it is via WP:AN and WP:ADMINACCT. And your characterization of my reply is inaccurate. Dennis Brown &#124; 2¢ &#124;  WER  22:22, 25 May 2014 (UTC)
 * I didn't mean to misrepresent you, Dennis, but you seem to have taken up the role of "Defender of the Status Quo". Dennis, can you link me to the most recent example/s where an admin was held accountable – at AN – for a bad block? GabeMc  (talk&#124;contribs)  22:26, 25 May 2014 (UTC)
 * Yes, Dangerous Panda about two weeks ago, the editor was unblocked. Other issues regarding admin acct. have been debated around here over the last week.   These happen regularly.  You are the only person that has ever called me a "defender of the status quo", it's kind of funny actually, but I don't want to labor the details.  I want more change than you can imagine, but having admin operate in even more secrecy isn't the best option.  Having more CUs and more admin working SPI would mean faster reaction time, and that discourages socking.   Dennis Brown &#124; 2¢ &#124;  WER  22:44, 25 May 2014 (UTC)
 * Granting an unblock is not at all the same as holding the admin accountable. You bailed on the admin reform right as it was taking shape; what "reforms" have you worked on since then? This isn't about you, but it must have been nice to work on Wikipedia before so many entrenched attitudes made change virtually impossible. AGK could have trusted Indopug and looked into it - they didn't even request a CU, but essentially at SPI the filer is treated with disdain and mocked for being embarrassingly wrong until they are proven not wrong, when I'll bet 80% or more of the accounts that are brought here are in fact socks. FTR, I've identified at least 20 socks that were eventually proven, but nobody believed me until other people proved it. I've never had one successful SPI, but I've only been wrong a couple of times. I knew MrWallace05 was a sock/sockmaster after their 5th day editing, but nobody believed me and SPI is too discouraging to bother with most of the time. GabeMc  (talk&#124;contribs)  23:00, 25 May 2014 (UTC)
 * I didn't "bail", the community didn't approve of the policy and after months of no interest to implement it, I marked it as historical. Actually, I've had dozens of conversations offwiki on that very subject, and dozens onwiki as well, so it wouldn't be accurate to say I've given up on it.  As for AGK "trusting" someone and running a CU....policy doesn't allow that, it is flatly forbidden to run a CU without a threshold being met, and it is up to YOU to provide the links to meet that threshold.  As for rude, I didn't see a link but that isn't really the point here.  While I don't work as a clerk anymore, I did for over a year and have way over 1000 sock blocks, so I'm moderately familiar with the process.  I have had several CUs refuse my for checkuser until I provided better info, via two links. I also understand the restrictions they have to operate under, which are there for a reason, although I would love to see CU have just a bit more flexibility to check users.  Right now they don't and they must follow existing policy. If you KNOW the sockmaster, of course you are more likely to see the sock before an admin or CU, but it is up to you to provide evidence.  We can NOT just block because we "trust you", it will never happen, and any admin that did that regularly would be bit stripped. Honestly, if you want changes, complaining here won't get you anywhere.  You need to change the policies that regulate what happens at SPI.  CUs, clerks and admin simply follow them.  And again, the biggest problem is a lack of manpower.  Dennis Brown &#124; 2¢ &#124;  WER  23:12, 25 May 2014 (UTC)
 * Seemed like there was plenty of interest, but you wouldn't budge from requiring three admins to certify the complaint, and that's what killed the policy, naturally. I never said AGK should have jumped to a CU or a block; Indopug didn't even request one, but is CU really the only tool at AGK's disposal? How did I know that Mrwallace was a sockmaster after 5 days if my instincts are bad? There is a level of familiarity that ones gets when they regularly interact with a personality for more than two years, but that's not evidence, which is time consuming to gather and present, especially when its usually unimpressive to clerks. At any rate, Indopug disclosed how he knew this was a MW sock, so he was CUed and there is something rotten in Denmark, confirming that Indopug's instincts are good enough to be trusted. Also, SPI is a stage for these clowns; you seem to forget that they might enjoy this attention. GabeMc  (talk&#124;contribs)  23:29, 25 May 2014 (UTC)
 * This isn't the right place to debate it, but that isn't accurate. The current version doesn't reflect that as well.  I'm also not the only person who wrote that policy, so there is more than meets the eye.  Dennis Brown &#124; 2¢ &#124;  WER  15:02, 26 May 2014 (UTC)
 * , if an editor finds a suspected sockpuppet, but doesn't want to divulge too much information, they are always welcome to email an individual SPI clerk or active CheckUser. ​—DoRD (talk)​ 16:08, 26 May 2014 (UTC)
 * Right you are; I agree. I guess my point here is that maybe all such communications should be private and the drama board of SPI closed to the general public. I can see several good reasons why this is not feasible, but after 4 years watching SPI I think it little more than a stage for attention and a training ground on how to not get caught. GabeMc  (talk&#124;contribs)  16:11, 26 May 2014 (UTC)
 * WP:BEANS is certainly a valid point. But I don't like private accusations with no right to reply.  I don't see SPI as a drama board.  It would be interesting to compile some statistics on how many contributors there are to the average SPI, in the "other editors" section. All the best: Rich Farmbrough, 21:00, 26 May 2014 (UTC).


 * In terms of Deny recognition, SPI is a disaster. GabeMc  (talk&#124;contribs)  21:07, 26 May 2014 (UTC)
 * Just to chime in as an inactive clerk. There may be a centralized mailing list for CUs to discuss but clerks don't (or at least I'm aware of). <b style="color:#0000FF;">OhanaUnited</b><b style="color:green;">Talk page</b> 22:36, 26 May 2014 (UTC)

Combating abuse from proxy servers
Another idea that would help combat socks editing via proxy is to ask the Wikimedia foundation to purchase subscriptions to corporate proxy services for use by CUers and anti-vandalism editors. These editors could then log-in to the proxy servers and determine exactly which IPs they make available and then block those IPs. Any thoughts GabeMc  (talk&#124;contribs)  16:29, 26 May 2014 (UTC)
 * Paid proxy services account for a small fraction of the abuse we see. User:ProcseeBot blocks some open proxies, but there are many more out there that we don't see until abuse occurs. ​—DoRD (talk)​ 16:44, 26 May 2014 (UTC)
 * I'm not sure that's accurate, DoRD. Have you ever tried getting on Wikipedia with a free proxy versus a paid one? There are very few workable free proxies and numerous paid ones that work. GabeMc  (talk&#124;contribs)  16:46, 26 May 2014 (UTC)
 * If the paid proxy isn't open, then there isn't a problem. We don't prohibit closed proxies, they are perfectly legitimate.  Also note that running nmap to test open servers is legal grey area in the US.  Some jurisdictions will flatly call it "cyber attack", so the Foundation won't endorse it and all CUs/Clerks/Admin do so at their own risk. Dennis Brown &#124; 2¢ &#124;  WER  16:51, 26 May 2014 (UTC)
 * Wow, I'm so surprised to hear you say that there is absolutely nothing to be done with open proxies; what a surprise! Are you seriously saying that if an admin went to hidemyass.com and blocked some of the 78,000 available IPs the company would see that as a cyber-attack and sue the Wikifoundation? Are you serious? GabeMc  (talk&#124;contribs)  16:58, 26 May 2014 (UTC)
 * That's not at all what he's saying. Nmap is a tool to scan IP addresses, and as Dennis said, its use can be seen as a cyber attack. ​—DoRD (talk)​ 17:02, 26 May 2014 (UTC)
 * Okay, but what does nmap have to do with buying subscriptions to open proxy services? I never mentioned nmap, all I said was get a subscription to these services and block the IP addys they make available. GabeMc  (talk&#124;contribs)  17:08, 26 May 2014 (UTC)
 * Again, paid proxy services are not the problem, and paid proxies are not the same as open proxies. ​—DoRD (talk)​ 17:10, 26 May 2014 (UTC)
 * Is it at all possible that you are at least slightly wrong about that? Have you ever tried socking on free proxies? Aren't some paid proxies also open? Define open. GabeMc  (talk&#124;contribs)  17:12, 26 May 2014 (UTC)
 * Paid proxies are by definition closed. There is no such thing as a paid open proxy.  Open means anyone can use, without registering, just point your browser to that port and use.  Closed proxies (paid or free) require registration and signing in.  They are perfectly legal here.  As for "open" proxies, I have written some scripts specifically to identify them, and run that on remote servers, to isolate my location, so I'm familiar with how to catch them.  Trying to test massive numbers of IPs would be considered an attack by that ISP, however, as you would be hammering 100s of thousands of ports on their networks.  You don't really test for one until there is abuse. Dennis Brown &#124; 2¢ &#124;  WER  17:20, 26 May 2014 (UTC)
 * (ec) Really? I run several hundred checks every month, so I do think I am more familiar with the sources of abuse than you apparently think I am. Also, please see Open proxy. ​—DoRD (talk)​ 17:22, 26 May 2014 (UTC)
 * Well, I meant no disrespect, DoRD, but I think paid proxies are more common on Wikipedia than you do, but as Dennis points out, there is nothing against operating dozens of paid proxy accounts, so once again we are back to "everything is fine the way it is, and no improvements are needed", otherwise known as stock admin response #142. GabeMc  (talk&#124;contribs)  17:36, 26 May 2014 (UTC)
 * Im a non-admin, and would have to agree with DoRD and others. Most sockmasters are not willing to pay for access to an IP that will be blocked rather quickly. As for proxies, paying for the needed information wont get you much, at best you will get a couple percentage points of the total proxies and be out a large amount of money. Given any halfway competent CU, which I happen to be on a different wiki, spotting these are easy and quickly handled if there is any evidence to go on. Second mass CU would probably violate our privacy policy. If you really wanted to end socking the method would be to use two factor authentication tied to a phone number. Anything short of that isnt going to be 100% effective. And given the standard Cost/benefit analysis your suggestions are not a good idea. Werieth (talk) 17:46, 26 May 2014 (UTC)
 * Actually, it is discussed regularly, including from CU to other CUs (you and I don't see those discussions) and between CUs and clerk, offwiki (at least it was when I was a clerk). This falls under the WP:DENY you mentioned earlier.  Just because you don't see the discussions, don't think it isn't being debated and discussed constantly. Some people live in countries where they must use a proxy or they can't edit at all, at risk of breaking the law.  Keep that in mind.  Even my office uses a closed proxy that I edit from daily.  If a paid proxy poses problems, it IS blocked, btw. Dennis Brown &#124; 2¢ &#124;  WER  17:39, 26 May 2014 (UTC)

In reality, editing from a paid proxy service is no more abuse than editing from a residential ISP is. We do see some abuse from paid proxy services and web hosting providers, but the overwhelming majority of socks are seen on residential ISPs and mobile broadband providers. ​—DoRD (talk)​ 17:46, 26 May 2014 (UTC)
 * Why is it against policy to edit from a free proxy, but not a paid one? What's the substantive difference regarding our guidelines? GabeMc  (talk&#124;contribs)  17:49, 26 May 2014 (UTC)
 * Please read open proxy and WP:NOP. Free is not the same as open. ​—DoRD (talk)​ 17:52, 26 May 2014 (UTC)
 * I did read them, but I still don't see what the substantive difference is. If its okay to edit Wikipedia with a proxy, then why is it not okay if the proxy is free? GabeMc  (talk&#124;contribs)  17:54, 26 May 2014 (UTC)
 * The price is meaningless, what really matters is "open" or "closed". Open and closed are technical means of access and availability, price isn't. Dennis Brown &#124; 2¢ &#124;  WER  17:58, 26 May 2014 (UTC)
 * Okay, so free = open, but paid does not = closed, right? But if paid is always okay, then when is paid also open, which is never okay? GabeMc  (talk&#124;contribs)  18:04, 26 May 2014 (UTC)
 * "Closed = registered persons can use it after signing in (pay or free like in an office)" and "Open = anyone on the internet can instantly use it, always free". Again, forget money, the key is "open" and "closed".  You won't find "Paid but open" because you can't enforce pay if you are open.  Dennis Brown &#124; 2¢ &#124;  WER  18:18, 26 May 2014 (UTC)
 * Interesting discussion. I think what Gabe is getting at is (and he can correct me if I'm wrong): what inherently makes open proxies more liable to abuse than closed proxies, such that we forbid the one and allow the other? I don't know the answer to that question, but I'm sure someone does. Evan (talk&#124;contribs) 18:45, 26 May 2014 (UTC)
 * Right you are, Evan. What is inherently disruptive about open proxies? I could vandalise from an open proxy or a closed one, so why are open ones considered blockable, but closed ones not – at least not until they are abused? I love the privacy dance though; its amusing how we bend over backwards to "protect" privacy but allow IPs to edit as a guiding principle of the project. GabeMc  (talk&#124;contribs)  19:24, 26 May 2014 (UTC)
 * The issue with open proxies is their ease of abuse. Open proxies by pure definition are not bad, however since there is no barrier to use (IE register or pay for) the amount of anonymous abuse is far higher. The NOP practice only became an issue with the level of abuse coming from it. Its similar to the TOR case, Once the level of abuse reaches above a level it becomes problematic, and needs addressed. That ratio of use to abuse on closed proxies is far far less. If the level of abuse from those becomes an issue then it will be addressed. Reminds me of how we use protection on our articles, we dont mass protect them to avoid issues, we apply it on an as needed basis when the issue comes up. If a user chooses to edit as an IP they know what privacy they have and what they are giving up. As a registered user I expect that my IP information isnt exposed and access to it is on a very limited need based system. A CU cannot just randomly CU me and get my IP address, doing that may reveal information about myself that I have made a point as a user not to expose. As for IP editors, quite a few of our articles and a good chunk of the content is written by them. Werieth (talk) 21:05, 26 May 2014 (UTC)
 * Another is a question of accountability. If someone is running a for-pay proxy and we report abuse, they can kick that user off their network for violating the TOS.  With an open proxy, there is no accountability.  Edits are hit and run.  That is one reason you see more abuse from them. Dennis Brown &#124; 2¢ &#124;  WER  14:31, 27 May 2014 (UTC)
 * And a question I have: where do Tor nodes fit into this picture? They don't require registration, but they do require a software download and install. How does the distinction between "open" and "closed" make a practical difference? I'm not saying it doesn't; just asking how. Evan (talk&#124;contribs) 18:47, 26 May 2014 (UTC)

How about a regular IP audit?
I'm not a technical editor, but I wonder if there is any way to search for socks via bot or script. Why require behavioral evidence and force editors to play detective? Maybe an automated system should check for multiple accounts editing the same pages from the same IPs. Almost like an audit, whereby I am regularly CUed by CPU to see if I am operating more than one account. There would be no need to disclose my IP to anyone, all we need is confirmation that I am operating two accounts on the same or similar page/s. So, tell me why this is a terrible idea that could never work. GabeMc (talk&#124;contribs)  22:35, 25 May 2014 (UTC)
 * The details available through the CheckUser tool almost always have to be combined with behavioral evidence to make a match between one account and another, so I can't imagine a bot running with current technology being able to handle that task. ​—DoRD (talk)​ 16:14, 26 May 2014 (UTC)
 * That's a bit of a simplification. It would be reasonably simple to write a bot, given access to checkuser information, that flagged a group of accounts as being sufficiently suspicious that a human checkuser should investigate. You are right that no bot could reasonably autoblock, but we could do a lot more programatically to make socking more difficult.&mdash;Kww(talk) 16:19, 26 May 2014 (UTC)
 * That's what I meant. The bot could identify possible violations and flag accounts for closer inspection by human CUers. GabeMc  (talk&#124;contribs)  16:21, 26 May 2014 (UTC)
 * I'm sorry if it sounds like I'm oversimplifying things, but you would really need to be familiar with the CU tool on this wiki to understand. In reality, a bot-generated list of possible matches would contain many thousands of entries. ​—DoRD (talk)​ 16:36, 26 May 2014 (UTC)
 * Exactly! A bot could search thousands of similar IPs editing habits much more efficiently than a human ever could. The bot would identify only strong possibilities and flag them for closer inspection by CUs. I see this as a proactive approach that might compliment our reactive SPI process, not necessarily replace it in toto. Mrwallace was socking for months before anyone brought enough evidence to SPI, but with a sock bot he might have been identified much sooner, as would the many sockmasters with dozens of sleepers. GabeMc  (talk&#124;contribs)  16:43, 26 May 2014 (UTC)
 * That's partially because our CU tool doesn't collect all the data that it should and could. There's a lot that can be done to detect whether two computers are the same physical machine with different IP addresses that our tools don't collect.
 * Even with the limited data that we have, much could be done. Large hunks of IP space would have to be thrown out as excessively dynamic, but most of our sockmasters aren't cybercriminals. A lot of them don't know how to change their IP address, and most of the ones that do don't know how to change them by much. A bot that detected the most basic of idiots would probably catch a lot. I'd love to get a chance to experiment with creating such a bot, but I've been denied access to the CU tool multiple times with explanations that basically boiled down to a dislike for my "brusque" manner.&mdash;Kww(talk) 18:36, 26 May 2014 (UTC)
 * At any rate, automated checks would almost certainly violate both the CheckUser and Privacy policies. ​—DoRD (talk)​ 18:44, 26 May 2014 (UTC)
 * Indeed the "fishing" aspect specifically. All the best: Rich Farmbrough, 19:07, 26 May 2014 (UTC).


 * I disagree. The automated bot wouldn't violate anyone's privacy unless it revealed the IPs, which is needn't do. If the bot noticed that my IP had three accounts registered to it, it would flag a human CU to look closer. I have automatic deductions that take money from my bank account and give it to vendors, but that doesn't violate my privacy, so I'm not sure how this would, since Wikipedia already knows what my IP is, right? GabeMc  (talk&#124;contribs)  19:18, 26 May 2014 (UTC)
 * Clearly you might not wish your legitimate sock that edits on varieties of cannabis to be drawn to the attention of CheckUsers, especially if you work for the DoD since they would doubtless inform your employer.
 * "Wikipedia knows" is just just nonsense words, the data is there but it will be forgotten unless there is a perceived need to investigate it. This agrees with the privacy policy.  All the best: Rich Farmbrough, 20:36, 26 May 2014 (UTC).


 * The privacy policy, not at all, no more than the check of an account's IP to enforce IP blocks or use of browser information to control the website display. The checkuser policy would need modification to support this, true, but our current checkuser policy seems designed to leave us defenseless. I'm certain that there are reasonable modifications that could be made that would allow some automation that couldn't be reasonably interpreted as being invasive of individual privacy. The key is in controlling how the information is revealed to humans.&mdash;Kww(talk) 19:37, 26 May 2014 (UTC)
 * I would imagine the majority of cases that an IP has multiple names attached to it, the accounts are legitimate and not socking. NAT and closed proxies are examples.  I bet many universities have multiple editors on the same IP, each which may not know the other exists.  Part of the issue is that we seem to have insufficient CUs to do the checks currently, I'm not sure adding some fishing to their daily tasks would be beneficial.  More importantly, as DoRD has pointed out, it would very likely be against our current policies.  The CU tools show more than IP, so it may very well violate privacy policy as written.  Dennis Brown &#124; 2¢ &#124;  WER  19:39, 26 May 2014 (UTC)
 * That's a wild assumption, Dennis, but FTR, any accounts that are linked to a single IP that edit different pages would not indicate as strong a reason to flag as multiple accounts editing the same pages, obviously, which will almost always be the case with sockmasters. There are no privacy issues with an automated IP audit unless the IPs are revealed to humans, which only happens when more than one indictor is met: e.g., same IP and same pages. CU already uses this as "evidence", but it requires content editors to play detective, which is a major flaw in the system, IMO. Why is this crucial point so hard to grasp? Every time I log-in Wikipedia records my IP, right. So why isn't that a violation of my privacy? GabeMc  (talk&#124;contribs)  20:13, 26 May 2014 (UTC)
 * This isn't the page to debate policy, but keep in mind that virtually every single webserver records your IP, user agent, OS, etc. when you visit, and this is stored for every page and image you download. This is normal.  I have logs on my servers that go back years.  The privacy policy just restricts who gets access and for what reasons.  As for wild assumption, perhaps less than you think.  I have a fair amount of experience with it and it causes confusing results in SPI at times, but of course, the CUs would have much more info.  This is why all blocking must be done based on behavior, not just on IPs. Dennis Brown &#124; 2¢ &#124;  WER  20:19, 26 May 2014 (UTC)
 * 1) The bot wouldn't flag a human CU unless the same IP has multiple accounts that edit the same page/s. 2) The IP is not revealed to anyone except a CU, and its not even automatically revealed to them unless they look at the behavioral evidence and take it a set further by requesting more information. All the sock bot would do is sweep for violations of multiple accounts and notify CUs when appropriate. Its proactive versus reactive, and it would minimise the need for editors to play detective, which is the bigest time sink that socks accomplish – reverting is easy and quick. Do you resist change this vehemently in RL? GabeMc  (talk&#124;contribs)  20:24, 26 May 2014 (UTC)
 * To be clear, I'm not against the idea of a bot if one can be done that doesn't create more work than it saves, and can be done within policy. I'm only saying it wouldn't be a trivial task and may require coordinating with the Foundation.  It is much more complicated than you seem to think it is.  If it were so simple, someone would have by now.  Actually, it may have already gotten shot down by the Foundation for all I know.  Having worked SPI for over a year and making over SPI related 1200 blocks, I can say that it looked much more simple on my first day than it does now. Dennis Brown &#124; 2¢ &#124;  WER  20:30, 26 May 2014 (UTC)

"If it were so simple, someone would have by now" is an absolutely terrible reason to discourage the exploration of this idea. Scientists might have found a cure for cancer in the measles vaccine that they had for decades, but never tried in that capacity.

The sock bot would actually serve to protect privacy. Here's why: A human CU will determine if there is any technical connection between accounts, but in doing so the privacy of the accounts is compromised, as the human user is now aware of the physical location of the account holders. However, the bot will reduce the amount of unfruitful checks because it will indicate to the human CU that there is no technical evidence between the accounts, hence minimizing fishing trips, not increasing them. GabeMc (talk&#124;contribs)  20:34, 26 May 2014 (UTC)
 * The bot you propose would have to have a threshold for similarity, would also need to detect (potential) abusive socking, and would need CU capability.
 * The first would need to be set in such a way as to approximately follow the human threshold, and high enough to avoid inundating the humans with new cases. It would need to be driven off an expert system sitting on top of a database that understood IP addresses, PI and PA space, CIDR, IPV6, TOR, XFF, geolocation, dynamic, static, IP leasing, WHOIS, RIPE/ARIN etc.  Eminently doable but not easy.
 * The second requirement is almost trivial.
 * The third I would say is the show-stopper. It took years before the community accepted admin-bots, and even then the first one was "submarined" for a considerable time. I doubt if we would accept a CU bot.
 * All the best: Rich Farmbrough, 20:47, 26 May 2014 (UTC).


 * The CU bot would actually add an extra layer of privacy protection, because a human CU would run the bot before doing any manual checks and compromising anyone's privacy. I think that the community would embrace such a win-win. GabeMc  (talk&#124;contribs)  20:51, 26 May 2014 (UTC)
 * OK WP:VPP is thataway. Good luck. All the best: Rich Farmbrough, 20:53, 26 May 2014 (UTC).

Oh and just an anecdote on IP addresses. One day I was warning IP vandals in the morning. I drove to visit my father for the day, and borrowed his (AOL connected) computer in the evening. Browsing Wikipedia anonymously I received one of the warnings I had placed earlier. AOL used to select from its proxies thorough some kind of hash of urls. IPs are not always as simple as they look. All the best: Rich Farmbrough, 20:53, 26 May 2014 (UTC).


 * I've started a discussion at Village pump (policy)/Archive 113. GabeMc  (talk&#124;contribs)  21:18, 26 May 2014 (UTC)