Forum:CheckUser Policy

From the RuneScape Wiki, the wiki for all things RuneScape
Jump to: navigation, search
Forums: Yew Grove > CheckUser Policy
This page or section is an archive.
Please do not edit the contents of this page.
This thread was archived on 10 February 2011 by Liquidhelium.

I think that now is the time to establish some sort of policy around the checkuser right. My draft is pretty simple, feel free to add to it:

CheckUser is a tool which is used by users in the checkuser group to effectively fight vandalism. Checkuser has three major applications:
-Finding the range of IPs which are vandalising, so the said range can be blocked.
-Finding what IP a vandalising account uses, for the purpose of effectively blocking it.
-Finding which users use a common IP, for looking into abuse of multiple accounts.

Under no circumstances is the CheckUser tool to be used in any other fashion, and especially not by a curious checkuser who wants to know a user's IP.

Please discuss. ajr 23:17, December 14, 2010 (UTC)


The line "Finding which users use a common IP, for looking into abuse of multiple accounts." gives much much too leeway to the checkuser, which is the abuse I have seen in the past (BTWI do not blame any of our current checkusers, they have been operating without guidelines. I entirely fault the system which allowed them to do this). This should be changed to "Only in cases of extreme vandalism, when there is other supporting evidence that an actual vandal account owner is using other accounts also for the purposes of vandalism, can a checkuser be run. Anything more permissible than that is too permissible. This is just like that nasty evil piece of legislation misnamed "The Patriot Act" which is all about destroying freedoms. I would not see our wiki follow such a horrible example, yet I constantly find the similarities between checkuser and the Patriot Act very disquieting.--Degenret01 00:22, December 15, 2010 (UTC)

Can you please give an example of abuse? ʞooɔ 00:25, December 15, 2010 (UTC)
The PATRIOT Act was not about destroying freedoms. Sure, I don't like it, but that doesn't mean it was out to kill civil liberties. Its purpose was to ensure that there was some kind of country left for Americans. And no, it wasn't misnamed. In case you didn't know, PATRIOT is an acronym for something that I don't remember and don't really care about, but I'm sure it's on Wikipedia if you want to know. There is a reason it passed 98-1 in the Senate and with over 300 votes in the House.
Now, as for the policy itself, I agree with Degen on principle here, though I prefer some kind of middle ground between Degen and Ajr's positions. The Ajr's position is definitely too broad, but I feel that Degen's is too restrictive. I think that the "other supporting evidence" portion can be loosened to "probable cause", which would allow checkusers to act on reasonable suspicions, but not give them the free pass to checkuser anyone and everyone they choose. I would trust that anyone we decide to give checkuser to can tell the difference between idiotic claims and reasonable suspicion. --LiquidTalk 00:43, December 15, 2010 (UTC)
I realise that my position is too broad - that's why I'm asking for input and not being bold. ajr 00:55, December 15, 2010 (UTC)
Hi there. Can we keep politics out of this? ʞooɔ 00:57, December 15, 2010 (UTC)

Support - They need it for these uses but should not be used for any other things. Hunter cape (t).png Sentra246Blue hallowe'en mask.png 00:49, December 15, 2010 (UTC)

Support as-is - The users who are given the right should use common sense in addition to these guidelines. We don't need to spell everything out. --Aburnett(Talk) 02:04, December 15, 2010 (UTC)

Support - Nice and simple. Real Crazy 07:41, December 15, 2010 (UTC)

Support - Straightforward. 222 talk 09:08, December 15, 2010 (UTC)

This seems as good a thread as any all things considered, so here goes. I would like a review of all checkusers ran by our people with the tools. I understand we may not see the results, thats fine. But lets see who ran them on what IPs. That is allowed. And I am real big on oversight of limited tools. Anyone can see who any of us block, this is no different a request.--Degenret01 09:23, December 15, 2010 (UTC)

I liked my idea so much I htink it should be made part of our policy, to read as follows. "Checkuser requests must be logged, along with if they were done, by whom, and on what IP's/users. The results of the checkuser request will not be posted." --Degenret01 12:42, December 15, 2010 (UTC)

I like it, though I think I know a better way of implementing it - allowing everyone to view the checkuser log. The log itself doesn't give away any of the obtained data, just says what action was performed, by who, and their reason for doing so. (Example:14:34, 15 December 2010, Ajraddatz got IP addresses for Ajraddatz (Talk | contribs | block) (test) ) ajr 14:35, December 15, 2010 (UTC)
Actually, it does, especially when running sockpuppet checks. After the IP addresses are obtained from the user, it's usually followed up with getting users from the IP address obtained. If you could access the log, you could pretty much figure out the IP addresses of some users. C.ChiamTalk 14:39, December 15, 2010 (UTC)
Heh, forgot about that. Still, there should be no reason to be doing sockpuppet checks unless the person is vandalising, as there is no policy against multiple accounts, and in fact consensus to allow them. ajr 14:51, December 15, 2010 (UTC)
Indeed. Seeing that Azaz ran a checkuser on Cookme has me very very disturbed considering he has never done anything even remotely considered vandalism. We need a serious set of checks on this so it cannot happen again.--Degenret01 14:21, December 16, 2010 (UTC)
In my opinion, aftyer much thought, I think that allowing all users to view the checkuser log (or even just admins if it is a big problem) is the best thing to do. Vandal privacy isn't a big deal, and checkuser shouldn't be run on anything but a vandal. ajr 19:06, December 16, 2010 (UTC)
"Vandal privacy isn't a big deal"? That is an absolutely terrible stance to take. There's a reason that the checkuser log is only available to checkusers: Because IP addresses of registered users are not supposed to be available to everyone else. If the checkuser log were publicly available, Cook's IP would be permanently up there for all of us to see whenever we wanted. Sure, it's awful easy to say "it will only be used on vandals", but it's more accurate to say "it will only be used on suspected vandals", which means people may be compromised without having done anything wrong. Additionally, if we state that vandals surrender their privacy rights because they violate some wiki policies, we take a step down a pretty dark path. So long as it reveals potentially compromising personal information, I will strongly oppose making the log public. Find another way to effect full disclosure of checkuser usage if that's what you want. --Andorin (Talk) (Contribs) 21:24, December 16, 2010 (UTC)
So allowing all to view the log isn;t a hot idea, that's fine. We make a page where the checkusers post when ever they run it. Having such a diverse group will be its own check to ensure that all actions are posted. Again, just the action, not the result.--Degenret01 05:08, December 17, 2010 (UTC)
That is perfectly acceptable to me. Under those circumstances you will want at least two, hopefully more, to make sure the instances of checkuser are accurately reported. --Andorin (Talk) (Contribs) 05:12, December 17, 2010 (UTC)
Sounds fine to me, even if it is slightly bureaucratic. In this case, it would be worth it. ajr 05:22, December 17, 2010 (UTC)

Support - Degen's idea above makes sense. Suppa chuppa Talk 06:15, December 17, 2010 (UTC)

Strong Oppose - I think by the time we trust someone with checkuser a policy won't matter. Either they will be good enough to do it right, or they will get booted out pretty quick. HaloTalk 11:33, December 17, 2010 (UTC)

Define "right". The purpose of this proposal is to determine what constitutes the correct use of checkuser, as we have no such guideline as of now. Magic-icon.pngStelercusIlluminated Book of Balance.png 12:19, December 17, 2010 (UTC)
@Halo:Did you read it all man? Azaz ran one on Cookme. There is no way that was "right".--Degenret01 12:53, December 17, 2010 (UTC)
That's a good approach for rights like sysop whose actions can be reviewd, but not checkuser. Checkuser cannot be reviewed publicly, so we would have to rely on other checkusers to be whistle bowers if someone isn't doing it "right", and I don't find that to be a reliable oversight measure. (wszx) 21:35, December 17, 2010 (UTC)
Sorry, but there comes a point when you just need to trust someone. Four of this wiki's most trusted admins have the tool now, and it will be the same way always. To be completely blunt, if we can't trust them, then we are screwed. ajr 21:40, December 17, 2010 (UTC)
So you approve of Azaz's checkuser of Cook? (wszx) 21:42, December 17, 2010 (UTC)
No, however, that was done in the absence of any policy around the use of checkuser. ajr 21:45, December 17, 2010 (UTC)
Ah, but that makes it even worse! Without guidelines, Azaz would have been acting solely upon his judgment which you have just admitted to disagreeing with. So leaving it up to the judgment of these illustrious "trusted users" is clearly faulty. (wszx) 21:49, December 17, 2010 (UTC)
Not quite. The actions of one do not determine the actions of all. Just because Azaz made a questionable checkuser does not mean that anyone else given the tool would do the same. RS:AGF. --Andorin (Talk) (Contribs) 21:51, December 17, 2010 (UTC)
They do not, this is true. But it does demonstrate that Ajraddatz' almost religious trust in the integrity of people simply because they are "trusted" is misplaced. It also highlights the fact that the other checkusers are not effective whisteblowers. (wszx) 21:57, December 17, 2010 (UTC)
Oh great Azaz in Heaven, I beg for your blessing of my fervent following of you... Beyond that, I'm not saying that these people shouldn't be held accountable for their actions. I am saying that there is a reason why we trust them. No, they aren't perfect, but they are mature enough to be able to have the checkuser right and not use it for lols. Since it seems that you trust nobody on the wiki (save Christine, maybe), perhaps this isn't a good place for you to spend time. ajr 22:09, December 17, 2010 (UTC)
Pfft. Christine would sell me out for a taco. (wszx) 22:16, December 17, 2010 (UTC)
Okay, so you honestly think a policy would have stopped Azaz? HaloTalk 17:56, December 19, 2010 (UTC)
In this case, yes it would. There are currently no clear guidelines on when checkuser should even be used, and clarifying that will prevent further instances like this, as I assume that the users with checkuser are capable of following a policy. ajr 20:01, December 19, 2010 (UTC)
Well I disagree. I really don't think it would stop anyone. I feel this won't actually do anything, and I oppose pointless policies. HaloTalk 20:14, December 19, 2010 (UTC)
You still haven't explained why you think that this policy is pointless. All that you've said is that you think that things would be exactly the same. I say that quite to the contrary, if there is a set of clear guidelines around its use then it will be used in that way. ajr 20:56, December 19, 2010 (UTC)
I don't think this will actually change anything or anyone's attitude or approach. I don't know how to explain it better than that. HaloTalk 20:59, December 19, 2010 (UTC)

Question for someone who can see the log: how often is this tool used? I doubt there's actually all that much legitimate need for checkusers on this site. I don't actually trust most of the people on this site to maturely have access to this tool, guidelines or no. If I'm correct and it's not really that heavily used, I propose we expunge the userright from this wiki and have Wikia do all our requests. It's not like the delay is going to be that problematic, since we don't have many (any?) times when we need to know an IP right-now-right-now. (wszx) 21:33, December 17, 2010 (UTC)

You are right, we don't use checkuser much. However, whenever it is needed it is needed right away. The difference between a few minutes and a few hours in this case is both a disruption of regular editing, via protectsite, as well as a lot of vandalism which could have been prevented. Please don't just say something when you have no idea about the implications of it. ajr 21:37, December 17, 2010 (UTC)
Congratulations on beating me to the "don't say things when you have no idea what you're talking about" disdain—gold star. I do not accept that such circumstances really exist. Widespread vandalism is likely to be effected using proxies, which checkuser doesn't do anything to, and autoblocks can deal with much of the rest. The potential for abuse outweighs the benefits of immediate checkuser, which I do not concede exist, nor do I accept that such immediate response exists, given the other active discussing checkuser inactivity itself. (wszx) 21:42, December 17, 2010 (UTC)
Then you clearly have absolutely no countervandalism experience. Autoblocks can't block ranges, proxies can be determined and blocked, and there is no possibility for abuse, especially when trusted users are the ones who have access to the tool. ajr 21:43, December 17, 2010 (UTC)
I disagree with the notion that there is no possibility for abuse, but in principle I agree with Ajr. It is ignorance to believe there is never a need for checkuser. --Andorin (Talk) (Contribs) 21:45, December 17, 2010 (UTC)
Your contributions to discussions are always so entertaining Andorin—I did not say there was never a need for checkuser, only that there is rarely a need for immediate checkuser. (wszx) 21:57, December 17, 2010 (UTC)
Do you know this better than a VSTF member who's had plenty of experience with countervandalism? Additionally, if you do not stop with the provocative language, I will block you for violating UTP. Not even joking. --Andorin (Talk) (Contribs) 22:06, December 17, 2010 (UTC)
I'm not a VSTF member, by the way. I do have considerable countervandalism experience, though. ajr 22:09, December 17, 2010 (UTC)
You people talk about "countervandalism experience" as if it's some sort of degree you must have to be qualified to know anything. Simply because I do not live out some sort of hypermasculine war-fantasy on this wiki by spending all my time hunting down those despicable vandals doesn't mean I'm stupid (the converse, interestingly, also does not hold). Also, provocative language isn't proscribed in the UTP, and it's poor form to block someone about whom you have a conflict of interest, Andorin. But this wiki doesn't seem to be big on propriety. (wszx) 22:16, December 17, 2010 (UTC)
I wasn't suggesting that you were stupid, I was suggesting that you haven't had the experience to make an informed call in this area. Also, you really didn't need to resort to attacking me. ajr 22:22, December 17, 2010 (UTC)
Proxies might be determined, but he can just hop to another one—that's what proxies are for; while you are correct autoblocks don't block ranges, I disagree that circumstances are so common where we need to immediately identify and block a range to justify the tool. And you put much too much faith in "trusted users". (wszx) 21:49, December 17, 2010 (UTC)
However, because we have access to checkuser, we are able to block the proxies to prevent future abuse. We already have some of the major ones blocked.
If I can't trust the wiki's most trusted users, who can I trust? ajr 21:53, December 17, 2010 (UTC)
You can trust disinterested Wikia staff members who have no political ties to this wiki and are therefore unlikely to use the tool in an inappropriate manner. (wszx) 21:57, December 17, 2010 (UTC)

Support - I don't see why not. Matt (t) 23:35, December 19, 2010 (UTC)

Comment - Can we add something about alerting the person who has been checkuser'd? ʞooɔ 23:35, December 31, 2010 (UTC)

Absolutely, any registered user who has this run on them should be informed at that time that it was done.--Degenret01 15:01, January 3, 2011 (UTC)
Yeah, that seems like a good idea. Suppa chuppa Talk 17:08, January 3, 2011 (UTC)

{{Closure|Has been open long enough.}} Matt (t) 05:35, January 23, 2011 (UTC)

Closed - I think that there is enough consensus to make the checkuser policy official. Logging checkusers really hasn't been discussed enough to warrant a consensus, but I do not think the current checkusers would mind logging their trials. --LiquidTalk 02:51, February 10, 2011 (UTC)