Talk:CheckUser policy

Hi. What should be added is rules about when it is possible to ask for ip check. Remember that this is borderline with privacy policy, so information should only be given if there is a valid reason. It probably means that no request may be done by one user only (but must be approved by others) and a motive always given. It may be that information is only partially offered to the user asking (eg, not giving an ip number, but saying "this fit with another user information, or not). Anthere 04:51, 6 September 2005 (UTC)[reply]

The Steward will answer you if these two users are from the same IP, same proxy, same network, same country, or are they completly unrelated.

And... I think that's all ;) Datrio 18:34, 10 September 2005 (UTC)[reply]

There is no consense if a user has to be notified when CheckUser is run on him. In my opinion it is essential to automatically notify him in every case. Even if nine out of ten investigations would be false alarms you have to tell people that their privacy has been harmed. This will also prevent abuse of CheckUser. Of course some people will complain but if it's a community consense to use CheckUser then it should be able to convince them why they have been checked. No secret observations please -- Nichtich 08:06, 21 September 2005 (UTC)[reply]

Hmm... This is a good suggestion. Though it can't be made automatically, it should be done manually, by a steward. Although, a user should be notified even earlier, before the check - during the voting. Datrio 16:08, 21 September 2005 (UTC)[reply]

.. is not complete, or? -- MichaelDiederich 09:25, 21 September 2005 (UTC)[reply]

Problem 1 - CheckUser must not be done be stewards. The only things Stewards should be able to do are administrating low-activity wikis, and various stuff for exceptional circumstances. CheckUser is a routine administration task, and on most wikis local bureaucrats or other trusted users should have such access, not outsiders stewards.

Problem 2 - people who look for sockpuppets (each wiki's admins) need full CheckUser output, not just "same network/not same network". My experience with Kwiecień's sockpuppets on pl.wp is very clear here - I often had to use nmap, whois etc., and without some IT experience one wouldn't be able to spot the pattern and clearly establish whether someone is or is not a sockpuppet. Stewards usually do not have such experience. Also, some knowledge of country's network is often very useful, for someone who doesn't know the Polish part of the Internet, and can't look for this information (because of not knowing Polish), it would be more difficult to look for sockpuppets. Therefore it's a lot more efficient to give CheckUser access to local bureaucrats.

Problem 3 - users should not be notified about being checked. Their privacy was not compromised in any way. Every reasonable privacy policy must be understood to read that people involved in protecting the network may investigate every suspicious activity at will, and there's no reason to notify anyone. Only if the data was to be disclosed to more people, one needs to think about the privacy. Moreover, CheckUser logs usually contain very little private information. It's possible that someone has one account for general editing, and other for writing on sensitive subjects, but it seems to be an extremely unusual situation. Taw 16:22, 21 September 2005 (UTC)[reply]

As I mentioned I have transalated my published policy at this page, feel free to analyse, use or ignore it. :) Please leave comments on my enwiki or huwiki talk page (latter is faster).

Feel free to fix grammatical or style mistakes, I did it in a hurry. :) --grin 20:00, 22 September 2005 (UTC)[reply]