Community Wishlist Survey 2022/Anti-harassment/Access log of oversighted contents

Access log of oversighted contents

  • Problem: Oversighted revisions often contain non-public personal information, which can be accessed arbitrarily by oversighters. There is a risk of oversighters being bribed to search for oversighted information, in order to dox someone.
  • Proposed solution: Each access to oversighted contents should generate a private log entry, and thus abnormal information collections could be detected. It's not applied to recent oversighted contents for review convenience.
  • Who would benefit: People who have personal information oversighted.
  • More comments:
  • Phabricator tickets:
  • Proposer: Lt2818 (talk) 15:23, 14 January 2022 (UTC)
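
A sketch of the logging rule and the detection step the proposal describes, added here as an illustration; it is not MediaWiki code and not part of the proposal. The record layout, the 7-day grace period, the 1-day window and the threshold of 3 revisions are assumptions, as are the account names in the constructed sample.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values; the proposal does not specify any of them.
GRACE = timedelta(days=7)   # views of recently oversighted content are not logged
WINDOW = timedelta(days=1)  # sliding window used for the volume check
MAX_REVISIONS = 3           # distinct revisions per viewer per window before flagging

def should_log(viewed_at, suppressed_at):
    """Log the view unless the suppression is still inside the review grace period."""
    return viewed_at - suppressed_at > GRACE

def build_log(views):
    """views: iterable of (viewer, revision_id, viewed_at, suppressed_at)."""
    return [(v, rev, at) for v, rev, at, sup in views if should_log(at, sup)]

def flag_bulk_viewers(log):
    """Return {viewer: peak distinct revisions in any WINDOW} for viewers over the limit."""
    by_viewer = defaultdict(list)
    for viewer, rev, at in log:
        by_viewer[viewer].append((at, rev))
    flagged = {}
    for viewer, entries in by_viewer.items():
        entries.sort()
        start, peak = 0, 0
        for end in range(len(entries)):
            # Shrink the window until it spans at most WINDOW.
            while entries[end][0] - entries[start][0] > WINDOW:
                start += 1
            peak = max(peak, len({rev for _, rev in entries[start:end + 1]}))
        if peak > MAX_REVISIONS:
            flagged[viewer] = peak
    return flagged

# Constructed sample data (hypothetical accounts and revision ids).
T0 = datetime(2022, 1, 14, 12, 0)
OLD = T0 - timedelta(days=400)   # oversighted long ago
RECENT = T0 - timedelta(days=2)  # still inside the grace period
SAMPLE_VIEWS = (
    # A reads six different old revisions within half an hour.
    [("OversighterA", 1000 + i, T0 + timedelta(minutes=5 * i), OLD) for i in range(6)]
    # B reviews six recent suppressions: exempt from logging.
    + [("OversighterB", 2000 + i, T0 + timedelta(minutes=i), RECENT) for i in range(6)]
    # C looks at the same old revision twice.
    + [("OversighterC", 3000, T0, OLD), ("OversighterC", 3000, T0 + timedelta(hours=1), OLD)]
)

if __name__ == "__main__":
    print(flag_bulk_viewers(build_log(SAMPLE_VIEWS)))
```
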

Discussion

The CUs on enwiki have explained quite well why the CU log is private: they check some accounts and decide that there was a violation. They then check all the accounts' IP addresses to look for additional socks, and any account they find on the said IPs for confirmation that it is in fact a sock (and frequently decide some aren't). If the check log were public, that would be a huge amount of private data revealed to the public. 2.55.185.246 18:52, 22 January 2022 (UTC)
Could you give an example of such private data? ··gracefool 22:13, 4 February 2022 (UTC)
yeah, sure... /s ~~~~ User:1234qwer1234qwer4 (talk) 20:11, 7 February 2022 (UTC)
  • In case of legal need, I am pretty sure HTTP access logs already allow WMF or legal authority to check all log accesses. -- Pols12 (talk) 13:44, 29 January 2022 (UTC)
    I'm not sure how long the HTTP access logs are kept. This proposal will let other volunteers (oversighters & stewards) be aware of permission abuse, before a WMF investigation. Lt2818 (talk) 16:05, 29 January 2022 (UTC)
  • To respond to those saying we should "trust functionaries" - that attitude is simply naive. "Who watches the watchmen?" It's a basic principle of human nature that oversight needs oversight. Everyone needs accountability, no-one is perfectly trustworthy, and even if they were, it doesn't hurt to prove it. ··gracefool 22:13, 4 February 2022 (UTC)
    We should trust them, because they have got to where they are by showing that they are suitable for the role by many years of work and have earned the trust granted to them over years, and often more than a decade of service. They will have been through community approval (such as Request for Adminship), likely several times over. Their real identities are all known by the WMF as well. Mako001 (talk) 03:16, 5 February 2022 (UTC)
    I don't think access logs imply distrust of functionaries, but just in case. Do you think CU logs are unnecessary too? Lt2818 (talk) 05:10, 5 February 2022 (UTC)
    This, essentially. It's not like there haven't been cases of CU abuse/misuse either, and viewing oversighted material certainly has potential for abuse. ~~~~ User:1234qwer1234qwer4 (talk) 20:22, 7 February 2022 (UTC)

Voting