Wikipedia:CheckUser

From Wikipedia, the free encyclopedia
  (Redirected from Wikipedia:Checkuser)
Jump to: navigation, search
If you need to contact a CheckUser for a sensitive matter, please see Contacting a CheckUser below.
Logo for the Wikipedia CheckUser tool and the Checkuser team

The CheckUser tool is a special function on Wikipedia that can be accessed by a small group of trusted Wikipedia users (called CheckUsers). The tool allows its users to query the Wikimedia servers in order to ascertain the IP addresses used by a Wikipedia user account, as well as other technical data stored by the server about a user account or IP address. Wikipedia's Checkuser team uses the tool in order to establish whether two or more accounts are being operated by one individual or group of people, and then to protect Wikipedia against disruptive or abusive behaviour. CheckUser data cannot be correctly interpreted without technical knowledge and experience with the tool. CheckUser data is never accessed or released, except in accordance with the Wikimedia Foundation's Privacy policy and the additional restrictions placed by this policy. After completing an investigation with the checkuser tool, most checkuser operators release their findings in generalised form (such as with a statement that "account A is, is not, or may be the same as accounts B or C"); on the English Wikipedia, the release of actual private data (like "account D is connecting through IP address 0.1.2.3") is exceptionally rare. Conclusions derived from checkuser data have limited usefulness, and a negative finding by a checkuser rarely precludes obvious sock-puppetry.

On the English Wikipedia, CheckUser is entrusted to a restricted number of users who can execute CheckUser inquiries at their own discretion – and monitor each other's use of the function. The permission is granted (exceedingly rarely and only to very trusted editors) by Wikipedia's Arbitration Committee, after community consultation and vetting of the editor by the committee's members. Checkusers are required to be administrators. Checkusers must also be 18 years of age or older and have provided proof of age (which is destroyed after receipt) to the Foundation before being appointed. The use of the checkuser tool on the English Wikipedia is monitored and controlled by the Arbitration Committee's Audit Subcommittee (AUSC), and checkusers may have their permissions revoked by the Arbitration Committee (on recommendation by its subcommittee) for misuse or abuse of the checkuser permission.

This policy supplements the global checkuser policy and applies only to the English Wikipedia.

Policy

The Checkuser tool may only be used to prevent disruptive editing on the English Wikipedia or to investigate legitimate, credible concerns of bad-faith editing or sock-puppetry.

Grounds for checking

CheckUser data may be used to investigate, prevent, or respond to:

  1. Vandalism;
  2. Sock puppetry;
  3. Disruption (or potential disruption) of any Wikimedia project; and
  4. Legitimate concerns about bad faith editing.

The tool may never be used to:

  1. Exert political or social control;
  2. Apply pressure on an editor; or
  3. Threaten another editor into compliance in a content dispute.

The primary purpose of CheckUser is the prevention of sock-puppetry, but community policy provides for several legitimate uses of alternative accounts where the alternative accounts are not being used to violate site policy (such as by double voting or by giving the impression there is more support for a position in a discussion or content dispute).

On some Wikimedia projects, an editor's IP addresses may be checked upon his or her request, typically to prove innocence against a sockpuppet allegation. Such checks are not allowed on the English Wikipedia and such requests will not be granted.

Notifying the account that is checked

Checkusers are permitted but not required to inform an editor that their account has been checked. The result of a check may be disclosed to the community (on a community process page like Wikipedia:Sockpuppet investigations), typically in order to document the activity of a serial vandal.

CheckUser and privacy policy

The CheckUser feature facilitates access to non-public information. The Wikimedia Foundation takes the privacy of its users extremely seriously, and there may at times be tension between protecting Wikipedia from damage and disruption, and protecting the privacy of users (even disruptive ones). Checkusers must perpetually weigh these opposing concerns. In order to reach the most optimal result, checkusers on the English Wikipedia are required to adhere to the following conventions and practices.

  1. Checkusers are given discretion to check an account, but must always do so for legitimate purposes. Broadly, checks must only be made in order to prevent or reduce potential or actual disruption, or to investigate credible, legitimate concerns of bad faith editing.
  2. Checkusers often receive requests from non-checkusers that they check an account (though many checks are also initiated by the checkuser without direction, for instance because the checkuser has noticed a suspicious account). Where a check is initiated as a result of a request from a non-checkuser, that request may be received in public or in private. Requests received privately may be directed by the checkuser to be made publicly if the checkuser so desires, and vice versa.
  3. Unsubstantiated requests will be declined and a check will not be run (typically using the slogan "Checkuser is not for fishing"). On their own cognisance, checkusers may nonetheless privately make any check that falls within the bounds of CheckUser policy; this might include a check that they have elsewhere or earlier declined to make.
  4. The disclosure of actual checkuser data (such as IP addresses) is subject to the privacy policy, which requires that identifying information not be disclosed except under the following circumstances:
    • With the permission of the affected user;
    • Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to non-checkusers to allow the making of IP blocks or rangeblocks, or to assist in the formulation of a complaint to relevant Internet Service Providers or network operators; and
    • Where it could reasonably be thought necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.

These conventions arise out of practice that has emerged in the years since the checkuser tool was created, and in some cases out of rulings or "statements of best practice" by the Audit Subcommittee.

IP information disclosure

CheckUsers may state that different named accounts are operated from the same IP or range, so long as the actual IP address(es) are not specified, or if only non-specific details are given (such as the name of the country, region, or large ISP associated with the IP address). If the CheckUser's statement could not lead to another person divining the personal identity of the user accounts in question, such disclosure would be permissible. However, on the English Wikipedia, CheckUsers are discouraged from making a public statement that connects one or more IP addresses to one or more named accounts, since an IP address is often much more tightly linked to a specific person. (In the case of larger IP ranges, this discouragement is not made to so great a degree, because larger ranges mean a less specific connection can be drawn.) When announcing the results of their checks, CheckUsers will employ a variety of means to avoid connecting a user to an IP address, but in some cases it is hard to avoid doing so. This policy encourages English Wikipedia CheckUsers not to allow such connections to be made from their results, but the global privacy policy allows them to do so in the case of serious disruption, and this policy allows CheckUsers to prioritise compliance with Wikipedia policy over the personal privacy of a user who has abusively edited the encyclopedia.

In some situations, while CheckUsers can endeavour to avoid explicitly connecting an account to an IP address, they will find it difficult or impossible not to do so. For instance, when a user edits disruptively using multiple IPs, or a mixture of IPs and accounts, the CheckUser will find it difficult to block the accounts and then the IP addresses without obvious inference being drawn by onlookers from the series of blocks being made in a short period of time. When a user abusively uses several accounts, and it is reasonably plausible they will create more accounts, the underlying IP range must be blocked so that further abusive accounts cannot be made. The IP addresses and user accounts must therefore be blocked together.

Accounts that engage in problematic conduct to the point that requests for administrative action or blocking are raised and considered valid for CheckUser usage, and where CheckUser then determines the user probably has engaged in such conduct, must expect the protection of the project is given a higher priority than the protection of those who knowingly breach its policies on editorial conduct.

IP information retention

Data on users (like their IP address) is retained for a limited period on Wikimedia Foundation sites. Data retention is limited in this way because incidents or actions that are not current rarely require investigation.

Guidance given to CheckUsers

m:CheckUser policy advises that, even if the user is committing abuse, personal information should if possible not be revealed. Checkusers are advised as follows:

  • Generally, not reveal IP addresses when announcing their results. Only give generalised results, such as that one account uses the same network (or a different network) to another account. If detailed information is provided, make sure the person you are giving it to is a trusted person who will not reveal it. Typically, such information should not be given to people who are not functionaries or experienced administrators; it would be best to deal with the abusive accounts with other checkusers.
  • If the user has said they're from a certain region and their IP address confirms that they are, you are permitted to confirm that checkuser verifies they are.
  • If you're in any doubt, give no detail – and "answer like a Magic 8-Ball"!

On the English Wikipedia, CheckUsers asked to run a check must ask for (and be given) clear evidence that a check is appropriate and necessary. The onus is on an individual CheckUser to explain, if challenged, why a check was run. Do not make any presumptions, no matter who asks. The CheckUser log is regularly examined by arbitrators and especially by members of the Audit Subcommittee, who have previously initiated investigations of their own motion. All actions associated with the CheckUser tool, especially public or off-wiki actions, are subject to public view and can result in a complaint being filed against you with the Audit Subcommittee, the Wikimedia Foundation Ombudsman, or both. Checkusers who run checks based on an unsubstantiated accusation may be cautioned or subject to sanctions, up to and including the revocation of their permissions; for a previous example of this, see this 2009 investigation by the Audit Subcommittee.

Fishing

Shortcut:

"Fishing" is to check an account where there is no credible evidence to suspect sockpuppetry. Checks are inappropriate unless there is evidence suggesting abusive sock-puppetry. For example, it is not fishing to check an account where the alleged sockmaster is unknown, but there is reasonable suspicion of sockpuppetry, and a suspected sock-puppet's operator is sometimes unknown until a CheckUser investigation is concluded. Checks with a negative result do not mean the check was initially invalid.

Contacting a CheckUser

CheckUsers are seasoned, experienced users, trusted to handle sensitive and privacy related matters and other user issues. Routine sock-puppet and editing issues requiring CheckUser review are handled at Wikipedia:Sockpuppet investigations. In keeping with WP:NOTBUREAUCRACY, CheckUsers are authorised to receive contact by other means, like on their talk pages, by e-mail, on IRC or a mailing list, and so on. If an incident is of a private or sensitive nature, you should never use public means of contact. If an incident is of an urgent nature, you should contact a CheckUser you know to be online, or contact multiple active CheckUsers. If an incident is an emergency, you should contact the Wikimedia Foundation.

If you require an editor with CheckUser access, you may contact:

  1. An individual CheckUser who will either advise, deal with the matter, or (especially if asked) forward it on to other CheckUsers for wider discussion.
  2. The English Wikipedia CheckUser team, which is ideal if you need a quick response, possibly other CheckUsers to be aware, and do not know any CheckUsers personally to judge which individual to contact. See the functionaries-en mailing list for how to do this. If it is sensitive beyond that, then it may instead be sent to the Arbitration Committee mailing list or any arbitrator.
  3. The interwiki CheckUser team, which co-ordinates between CheckUsers on all WMF projects (and Stewards, for small wikis with no local CheckUsers) in the Checkuser-l mailing list. The inter-project team is ideal for matters concerning prolific vandals or sock users, privacy-related incidents or harassment, and other global matters of interest beyond English Wikipedia. The Wikimedia-wide CheckUser mailing list does not receive mail from non-subscribers, so you will need to contact a CheckUser by other means (like IRC).

CheckUser operation

Note: The actual IPv6 maximum is /48

Usage

A user with CheckUser access will get an extra "CheckUser" option under Special:SpecialPages, a "Check IP addresses" option on Special:Contributions, access to Special:CheckUser and Special:CheckUserLog special pages, and other similar functions. On the English Wikipedia, CheckUsers also receive access to the Checkuser-l global mailing list, subscription to functionaries-l, and access to the IRC channels if they so request.

Several scripts exist for English Wikipedia CheckUsers, including User:Amalthea/culoghelper.js, User:Amalthea/cufilter, ru:MediaWiki:Gadget-markblocked.js, User:Tim Song/spihelper.js, among others. (No guarantee is given that these scripts are currently functional.)

Guide to checkusers

The Meta checkuser help page gives checkusers the following information:

  • CheckUser is a technical tool, and requires a significant degree of familiarity with IPs, IP ranges, and related principles, to be correctly used.
  • CheckUser is not magic wiki pixie dust. Almost all queries about IPs will be because two editors were behaving the same way or an editor was behaving in a way that appears suggestive of possible disruption. An editing pattern match is the important thing; the IP match is really just extra evidence (or not).
  • Most dialup and many DSL and cable IP addresses are dynamic, meaning they might change every session, every day, every week, every few months, or hardly ever. Unless the access times are immediately before and after each other, be cautious in declaring a match based on IP address alone. Experienced check users will learn to recognise if an ISP changes frequently or occasionally. Proxy IP addresses might not be a match, depending on the size of the organisation running the proxy (per whois output). If it's an ISP proxy, it is not so likely to indicate a match. (Note – some users, particularly those involved in technical matters, can help identify whether an IP is likely to be a proxy, or is likely to be static, fast, or slow changing.)
  • There is both a CheckUser mailing list (checkuser-l@lists.wikimedia.org), and a CheckUser irc channel (#wikimedia-checkuser), providing means to consult and get advice on checks and their interpretation, especially in the case of more complex vandalism. Both are used by CheckUsers on all Wikimedia Foundation projects; they are not just for the English Wikipedia. Access to the IRC channel is by invitation only and the CheckUser mailing list does not accept correspondence from non-members – users seeking assistance of a local CheckUser should see the #Contacting a CheckUser section above.
    • CheckUsers also have access to the channel #wikimedia-privacy, where oversighters have access as well.
  • Functionaries who are executing a checkuser query should remember that Tor spoofs headers, including the useragent, which may make it appear that a good-faith editor with IPBE is actually a sock of a disruptive editor.

Reasons and communication

Checkusers must be able to provide a valid reason to another checkuser (or the Audit Subcommittee) for all checks they conduct.

Checkusers must clearly mark as a "checkuser block" any block based on findings that involve checkuser data. The templates {{checkuserblock}} and {{checkuserblock-account}} should be used for this purpose. However, in the case of such blocks, checkusers are not required to explain to non-checkusers the specific evidence at play (and are prohibited from doing so by the privacy policy).

CheckUser blocks

Checkusers can block accounts based on technical (checkuser) evidence. They will make clear in the block log summary that they have blocked as a "checkuser action". These blocks must not be reversed by non-checkusers. Administrators should not undo or alter any block that is specifically called a "CheckUser block" without first consulting a CheckUser.12 However, all checkuser blocks are subject to direct review and significant scrutiny by the other checkusers and the Arbitration Committee (or its Ban Appeals Subcommittee). If you are concerned that a checkuser block has been made in error, you should refer the block promptly to the functionaries team, who will carefully review the checkuser evidence. Checkuser blocks may subsequently be appealed, as a matter of last resort, to the Arbitration Committee.

Log of checks

Example of the CheckUser log. (Sample only.)

CheckUser queries cannot be executed on the English Wikipedia without the initiator entering something in the "Reason for check" field, which is akin to the edit summary feature for page-editing. All queries are logged at Special:CheckUserLog, which is visible only to other CheckUsers through Special:CheckUser. Each entry in the log will show who ran the check, when, the check reason, and what type of data was called (the tool can be used to get IPs, edits from an IP, or users for an IP). The log does not display, nor allow for the retention of, data returned from a check.

Assignment and revocation

CheckUser permissions are assigned by the Arbitration Committee. While many users with CheckUser permissions are or were members of the Arbitration Committee, the Arbitration Committee also appoints a number of editors as CheckUsers, typically around once a year. Users interested in obtaining access should watchlist the Arbcom noticeboard for an announcement or contact the Committee, and proceed from there. Appointments that are confirmed by the Arbitration Committee will be posted on Requests for permission on Meta-Wiki, a Steward will assign the permission once identification is confirmed.

CheckUser permissions can be revoked for inactivity and for cause. If the Committee feels that an editor has abused CheckUser, such as by inappropriately performing checks or needlessly disclosing privacy related information from a CheckUser inquiry, they will request a Steward to remove the permission from the editor. This may be done by any of the usual ways, including e-mail or a request on requests for permission on Meta. Emergency requests based upon clear evidence may also be made in exceptional circumstances, the same way. In an exceptional case, and for good cause, a Steward may temporarily remove the permission, pending a decision by the Committee. The Steward should check the matter is well-founded, and make clear immediately that it is a temporary response only, since such an action could lead to controversy.

Complaints and misuse

WMF policy on removal states that:

Any user account with CheckUser status that is inactive for more than a year will have their CheckUser access removed.

In case of abusive use of the tool, the Steward or the editor with the CheckUser privilege will immediately have their access removed. This will in particular happen if checks are done routinely on editors without a serious motive to do so (links and proofs of bad behavior should be provided).

Suspicion of abuses of CheckUser should be discussed by each local wiki. On wikis with an approved ArbCom, the ArbCom can decide on the removal of access[...] Removal can only be done by Stewards. A Steward may not decide to remove access on their own, but can help provide information necessary to prove the abuse (such as logs). If necessary, and in particular in case of lack of respect towards the privacy policy, the Board of [the] Wikimedia Foundation can be asked to declare removal of access as well.

Complaints of abuse of CheckUser or privacy policy breaches may also be brought to the Ombudsman commission.

Complaints involving the release of personally identifying information or other potential violations of the Wikimedia Foundation's Privacy Policy should be made to the Ombudsman commission.

Other complaints or inquiries about potential misuse of the CheckUser tool should be referred to the Audit Subcommittee.

Users with CheckUser permissions

An automatic list is at Special:Listusers/checkuser. As of 6 March 2014, the following editors form the CheckUser team on the English Wikipedia:

Current arbitrators 
AGK,3 Beeblebrox, Carcharoth, David Fuchs, Floquenbeam, GorillaWarfare, LFaraone,34 NativeForeigner,34 Newyorkbrad,4 Roger Davies, Salvio giuliano,3 Seraphimblade, Timotheus Canens, Worm That Turned
Former arbitrators 
Chase me ladies, I'm the Cavalry, Coren, Courcelles,3 Deskana,3 FloNight, Jpgordon, Mailer diablo, PhilKnight, Risker
Non-arbitrators appointed by ArbCom5 
Alison, Amalthea, Avraham, DeltaQuad, DoRD, Elockid, J.delanoy, Keegan, Materialscientist, Ponyo, Reaper Eternal, Tiptoety, Versageek
Community members of the Audit Subcommittee (AUSC) 
Guerillero, MBisanz, Richwales
Others6 
Jimbo Wales, Wikimedia staff members (prohibited from use by internal policy except in rare cases), Wikimedia Ombudsmen.7
  1. ^ CheckUser Mackensen's comment on "Checkuserblocks," and why they should not be lifted.
  2. ^ Arbitration Committee statement on Checkuser blocks, 18 July 2010
  3. ^ a b c d e f This user was appointed as a CheckUser prior to joining the Committee.
  4. ^ a b c Current Arbitrator member of the Audit Subcommittee
  5. ^ Community members of the Audit Subcommittee (AUSC) are elected once per year to three of the six positions as Auditors, and together with the three arbitrator members hear complaints about the use of CheckUser and Oversight permissions on the English Wikipedia; their role is separate from the Wikimedia Foundation's Ombudsman Commission. Unless they already held the permission, community subcommittee members are given the CheckUser and Oversight permissions (and associated access rights) for the duration of their term.
  6. ^ "Others" includes users who require access for WMF reasons, and WMF officers.
  7. ^ Ombudsman commission members have global CheckUser access in order to investigate allegations related to breach of WMF privacy policy (cf. full list)

The list above is served from Template:Functionaries.


See also

CheckUser
CheckUser access
Related pages
Technical
  • mw:CheckUser; more detailed description of how the feature works and how to install the extension on one's own wiki.







Creative Commons License