Jump to content

Wikipedia:Arbitration Committee/CheckUser and Oversight/May 2010 election/CheckUser/Tiptoety

From Wikipedia, the free encyclopedia

Tiptoety (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Hello everyone. I am Tiptoety. I have been on Wikipedia for a little over three years. In those years, I have spent a fair amount of time dealing with sockpuppetry. I started as a clerk at the former request for CheckUser back in June of 2008. After noticing a number of flaws in the system we were using, I, along with a small group of other users created Wikipedia:Sockpuppet investigations (our current process for dealing with, and responding to sockpuppetry). I still currently serve as a clerk there.

I was granted sysop rights on this project in March of 2008 and have since performed approximately 14,500 logged actions. I also serve as a Sysop, CheckUser, and Oversight on Wikimedia Commons, and am a Global Sysop. In those roles I deal with a large amount of cross-wiki vandalism/sockpuppetry (most of which is initiated on the CheckUser mailing list). A number of these involve en.wiki in which me having access to the CheckUser tool could assist in investigations and in the speedy response to vandalism. (For all my other userrights, please see my matrix).

One of our current issues is that there are a large amount of request for CheckUser attention that sit untouched for sometimes up to a week. I feel that by me having CheckUser rights I could assist in ensuring the quick handling of cases. I am online every day, and consider myself active. I am reachable via email, and use IRC.

Lastly, I am already identified with the foundation and am very familiar with the privacy policy. My personal philosophy is that if I am unsure, hold off and ask for a second opinion. Tiptoety talk 03:01, 8 May 2010 (UTC)[reply]

Comments and questions for Tiptoety

[edit]
  • From Aiken drum: Why do you think you failed your last request, and do you think you've overcome the problems raised there? Aiken 12:06, 8 May 2010 (UTC)[reply]
    A. I think the main cause of concern related to my previous request was my professional life. Many felt that with my work in the field of law enforcement my judgment would impaired by some form of "legal requirement to act", specifically relating to threats of violence. While I respect peoples concern, I am not sworn in any manner that requires me to report perceived threats of violence to law enforcement, nor am I bound by any policy to do so. This was confirmed by and Arbitrator (Risker), who contacted my employer. Like I promised in my last request, should I be put into a position of "mandatory reporting" I would resign as a CheckUser. I also promised the defer to other CheckUser's should I feel my decision making is some how being effected by my professional life. That said, I would argue (as shown on commons, in my role as a CheckUser there) such situations have never happened. Cheers, Tiptoety talk 20:00, 12 May 2010 (UTC)[reply]
  • Questions from Deskana: (five questions, so I'm only looking for brief answers)
  1. What are the key differences between the checkuser policy and the privacy policy?
    The foundation's privacy policy is far more specific in regards to the principles of privacy, the release and retention of private (non-public data), and is not just limited to the information that the CheckUser tool provides those with access to it. The CheckUser policy goes more in depth with regards to the principles surrounding the actual usage of the CheckUser tool. More specifically, the criteria that must be met in order for a check to be ran, and standard operating procedures. Tiptoety talk 20:40, 10 May 2010 (UTC)[reply]
  2. What conditions does the checkuser policy require to be met in order to use the checkuser tool on an account?
    The CheckUser policy states that CheckUser is a tool which is granted to trusted users for the purpose of fighting vandalism, investigate cases of "bad faith editing" where there is a possibility of multiple accounts being used, and more generally to limit disruption to any Wikimedia project. As such an account must be involved in some form of disruption where there is a reasonable suspicion of multiple accounts being used before a check can be ran. It is worth nothing there are legitimate uses for alternate accounts. Tiptoety talk 20:40, 10 May 2010 (UTC)[reply]
  3. What conditions does the privacy policy require to be met in order to use the checkuser tool on an account?
    And I quote: "when investigating abuse on a project, including the suspected use of malicious “sockpuppets” (duplicate accounts), vandalism, harassment of other users, or disruptive behavior, the IP addresses of users (derived either from those logs or from records in the database) may be used to identify the source(s) of the abusive behavior." Tiptoety talk 20:40, 10 May 2010 (UTC)[reply]
  4. What conditions does the checkuser policy give on the release of data from the checkuser tool?
    For most of the cases, revealing a users IP is not an appropriate response. Only under certian circumstances should private data be released, those generally being when the disruption has reached a level to warrant IP blocks / range blocks. That said, there are ways of going about issuing range blocks without revealing who the IP is linked too. Tiptoety talk 20:40, 10 May 2010 (UTC)[reply]
    The privacy policy states very specific conditions:
    In response to a valid subpoena or other compulsory request from law enforcement,
    With permission of the affected user,
    When necessary for investigation of abuse complaints,
    Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues,
    Where the user has been vandalizing articles or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers,
    Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public. Tiptoety talk 20:40, 10 May 2010 (UTC)[reply]
  1. If you are granted CU access, how do you think that will affect you as an editor and an administrator and do you think that will (or should) affect the way that other editors interact with you?
    A.Nothing will change. I already work around SPI quite a bit, and deal with sockpuppetteers often. I will still ask for second opinions and seek help when needed. Just because I will have access to CheckUser will not mean I will be the end all know all. Tiptoety talk 20:40, 10 May 2010 (UTC)[reply]
  • Really last minute question from Spitfire
  1. Imagine a scenario where a user has created a vandalism page, which was tagged for speedy deletion, and they then then tried to remove the tag, but upon being stopped by a bot, they appeared to log out and remove the tag that way. The page was later deleted but an SPI case was opened on the user, you preform a check which reveals that the user is related to the IP, what action do you take?
    A. I am not sure a situation like that would even warrant a check to start with, given it is a pretty clear cases of DUCK. That said, I would probably leave a message on the users talk page advising them of our sock policies. I do not feel a block would be warranted. Tiptoety talk 20:40, 10 May 2010 (UTC)[reply]
  1. What actions would you consider taking if you found an editor was using one or more open proxies to edit? Under what circumstances would you reveal this discovery to the community?
    • A. I think each situation needs to be evaluated on its own merits. Before taking any action, I would contact the user who is believed to be editing through an open proxy. If after doing so, I conclude that the intention of the user was to cause some form of disruption, evade a block, or avoid scrutiny then I would reveal the discovery to the community. Tiptoety talk 00:47, 11 May 2010 (UTC)[reply]
  • Question from User:7
  • Q One of the less documented areas of CU work is to help out at WP:ACC when a CU rangeblock has been applied to an IP requesting a new account. This can be done directly in the ACC interface, or by responding to emails sent to the functionaries list or to a Quick SPI request. Do you have an account with ACC or would you be willing to setup one to help there too?
    • A. I had an ACC account a while ago, but had it closed due to inactivity. If this is an area that requires a fair amount of CheckUser work I would be willing to have my account reopened and help out when needed. I will be honest that this would not be a top priority for me. Tiptoety talk 22:33, 10 May 2010 (UTC)[reply]
  1. All CheckUsers and Oversighters are members of the functionaries-en mailing list, a forum for discussion and co-ordination of privacy-related issues which affect any and all areas of Wikipedia. What qualities and perspectives would you bring to such discussions?
    A. Being that I already have access to the cross-wiki CheckUser mailing list, I am familiar with the type of discussions that take place. In that, I consider myself fairly knowledgeable of proxy detection and have often offered my assistance with such matters. I also hold CheckUser privileges on commons, and should the matter be cross-wiki I could provide my assistance there. Tiptoety talk 19:35, 18 May 2010 (UTC)[reply]
  • Comment/Question from Max Rebo Band, I wonder if there isn't something underlying in the "election promise" that "My personal philosophy is that if I am unsure, hold off and ask for a second opinion." - when you appear to have been one of a handful of administrators on Wikimedia Commons who sipmly deleted dozens of images you found personally distasteful because they contained nudity this past month, without a proper channel such as a Deletion Request. I notice many of those images have been restored by other administrators, often because they were in fact on use in WMF projects, indicating you likely did not "hold off and ask for a second opinion". Examples would include File:Anelina Stretching.jpg, File:G0001.jpg, File:Camila Tavares making a handbra.jpg and File:Ashley Taking a Shower 15.jpg. I guess my concern is that your taste for "unilateral action without consensus" seems demonstrated for deleting images...how do you allay the concern that you may approach our privacy policy the same way when seeking to unmask sockpuppets? I notice that you were criticised for "misrepresenting" the fact you were in fact a Police Officer with the Multnomah County Sheriff's Office in your second failed Request for Admin, and admitted it yourself in your third Request. This does raise severe privacy concerns for me, when Law Enforcement is now seeking the ability to ascertain the actual identities of pseudonymous editors on WMF.Max Rebo Band (talk) 04:15, 20 May 2010 (UTC)[reply]