CheckUser policy/Global CheckUser draft

This proposed addition to the CheckUser policy is a draft; please leave feedback on the talk page or add a concern/refutation to the list below.

Global CheckUser edit

Global CheckUser is a tool which allows a steward or certain staff members of the Wikimedia Foundation to look up the IPs associated with a user or the users associated with an IP across all Wikimedia wikis. This tool is not currently available, though it is possible to achieve a similar functionality through using the local CheckUser tool at For the purposes of this policy, using the local CheckUser tool on loginwiki will be considered a global CheckUser in lieu of an extension with that functionality.

Access edit

Stewards and members of the staff global group have access to the global CheckUser tool. This tool can be used without any public log, however, statistics of its use are published at Stewards/CheckUser statistics for loginwiki (for the current incarnation of the tool). Please note that an individual investigation could involve many or no logged actions.

Usage edit

The global CheckUser tool can be used when the intention is to prevent abuse in cases of cross-wiki vandalism or spam. It is not a content-control tool, nor should it be used by a steward to investigate abuse limited to one wiki.

Other edit

Common concerns and refutations, if applicable.

  1. It removes accountability with no public log.
    The public log is useless anyway, only showing token reasons, and still limiting accountability since other stewards need to +checkuser themselves as well to see what was actually done.
  2. It could allow stewards to check on wikis with local CheckUsers, in violation of the policy.
    With 39 stewards + 7 ombudsmen + WMF staff being able to view the global CheckUser log, there are lots of people who can confirm that this isn't happening.
  3. The current policy explicitly disallows users to have global checkuser access.
    When the current policy was written in 2005, there was no such thing as SUL and there was no way for people to envision what a global CheckUser would be. In their minds, "global" actually meant "local on all wikis". This was and still is a problem with accountability, since someone could perform a check on a random small wiki and nobody would ever find out. An actual, global CheckUser does not have these accountability problems, since there is a single log which is easily visible by all others users with access to it.
  4. There was already a global CheckUser log which was explicitly made into a local one.
    True, but this is different from what we are describing here. This is not a log of all local checks, this is a log of global checks. As such, the initial concern that stewards were being give local access on all wikis with a log of all local checks does not apply, since it only logs global checks.