Requests for comment/Clarification to CU policy

The following request for comments is closed. Following discussing at Wikimania I am withdrawing this RfC to allow further discussing regarding potential rewording — The preceding unsigned comment was added by Doc James (talk)

---

Support edit

1. Support as proposer. A needed clarification regarding the us of these tools. Doc James (talk · contribs · email) 06:29, 4 August 2017 (UTC)[reply]
2.  Support Good idea --Sargoth (talk) 06:55, 4 August 2017 (UTC)[reply]
3. Support - as one of the admins who has blocked one of the extortion creeps (case of extremely nasty stuff about a notable female minor) I think this rewording is essential. Kudpung (talk) 06:59, 4 August 2017 (UTC)[reply]
   • That would fall squarely under the "disruption" clause of the existing criteria. Thryduulf (talk: meta · en.wp · wikidata) 07:57, 4 August 2017 (UTC)[reply]
4.  Support As usual, James has a sensible and helpful idea. I would caution tho that what you wrote below is consistent with just blocking for sockpuppetry as such. —Justin (koavf)❤T☮C☺M☯ 07:03, 4 August 2017 (UTC)[reply]
5.  Support on the principle that paid contributions without disclosure are disruptive to the project. · · · Peter (Southwood) ^(talk): 07:22, 4 August 2017 (UTC)[reply]

   If it is disruptive to the project then the existing policy allows a checkuser anyway, so you are not gaining anything. Thryduulf (talk: meta · en.wp · wikidata) 07:58, 4 August 2017 (UTC)[reply]

   That is why I consider this a clarification of the existing policy rather than a change. IMO the policy already allows the running of CU's on paid editing when there is the suspicion of the use of socks. Doc James (talk · contribs · email) 13:53, 4 August 2017 (UTC)[reply]

   If there is a suspicion of the use of socks then paid editing is irrelevant. If there is no suspicion of the use of socks then a CU cannot and should not be run, so paid editing is also irrelevant. Thryduulf (talk: meta · en.wp · wikidata) 15:10, 4 August 2017 (UTC)[reply]

   Much paid editing creates the concern that socks are being used in and of itself. If you look at an account like this, they make just over the 10 edits to get autoconfirmed at one go, they than wait the time needed to get autoconfirmed, than bang onto work they go with this account, in this case creating two amzingly formated articles that are promotional in nature and the account goes dead never to be used again. The hope is that it will time out on CU before the community picks it up. The reason why we are here is some appear to disagree that this pattern rises to a sufficient level of concern that socks are being used to justify a CU. Doc James (talk · contribs · email) 16:10, 4 August 2017 (UTC)[reply]

   so what you are asking for is to expand cutool to allow all accounts to phish? why not just require photo id for editing?68.151.25.115 22:18, 7 August 2017 (UTC)[reply]

6.  Support this makes it more explicit and spells out that using CU to enforce the terms of use is allowable: nothing is harmed by adding it and some good could come by making it clear to CUs that this is a valid reason. The additional expansion of scope of preventing harm to the subject of articles and to editors is also a positive factor in reminding us that the human factor is the most important on our project. With the expansion of either blackmail or hatchet job paid editing sock farms, affirming this principle is a must. TonyBallioni (talk) 07:44, 4 August 2017 (UTC)[reply]
7.  SupportThank you James for your proposal. I also think that we need to explicitly state that this tool can be used to help detect paid editing abuse. That will also define detecting such abuse as one of the Wikimedia movement's priorities. GastelEtzwane (talk) 09:04, 4 August 2017 (UTC)[reply]
8.  Support 'Disruptive' is not a catch-all that Thryduulf seems to think it is. Only in death (talk) 10:13, 4 August 2017 (UTC)[reply]
9.  Support COI CU patrollers already ask for more permission to do this. Paid editing farms are a major problem facing the Wikimedia movement because they greatly harm the morale of volunteers, spoil our reputation, and spoil our content. Giving trusted users more authority to do what they wish to do to better manage the issue is a step in the right direction. We ought to do many things more, including investing money in acknowledging and addressing how this very dangerous problem continues to generate negative media attention and cause our best editors to leave Wikimedia projects. Giving more authority to CUs is not the whole of the answer, but the Wikimedia community likes solutions which can be described in one sentence and which cost no money so this is where we are. Although I am confident that this change to CU policy would have an impact, I also want the expansion of CU authority to lead to other discussions of what more we can do. I hope that a very visible change to CU policy can raise the profile of the issue and encourage other people to make proposals to counter organized wiki crime. Blue Rasberry (talk) 11:14, 4 August 2017 (UTC)[reply]
10.  Support as per above comments. Yann (talk) 11:53, 4 August 2017 (UTC)[reply]
11.  Support It is not an expansion- WTT's comments makes this clear. Instead this is a useful clarification, that allows us to enforce our terms of use. People aren't going to voluntarily declare if they don't have a 'stick' that makes them want to do so. Jcc (talk) 12:15, 4 August 2017 (UTC)[reply]
12.  Support the wording could be "to prevet/fight violations of Terms of Use" masti <talk> 12:24, 4 August 2017 (UTC)[reply]
13.  Support In part, the proposed change merely affirms the current practice. Already a substantial number of CheckUser work on enwiki involves dealing with accounts created by undisclosed paid editors. Regretfully, no precise numbers are available, but it's easy enough to take a look at the active SPI cases currently showing on top of the list. The change also opens the way to discussing a more liberal use of the tools in specific circumstances, but as WTT rightly notes, CU can hardly be expected to do more than to confirm behavioural evidence. Rentier (talk) 12:53, 4 August 2017 (UTC)[reply]

    Not entirely true, re: confirmation of behavioral evidence. CU can often find accounts that would go undetected and link them with a specific farm. It is probably better to say that behavioral evidence confirms CU findings in these cases rather than vice versa. A minor pedantic distinction, but I think an important one. TonyBallioni (talk) 13:12, 4 August 2017 (UTC)[reply]

14.  Support per Blue Rasberry rationale--Ozzie10aaaa (talk) 15:29, 4 August 2017 (UTC)[reply]
15.  Support I consider it a positive line of defense against the misuse of our encyclopedia. Atsme^📞📧 16:52, 4 August 2017 (UTC)[reply]
16.  Support Wikipedia’s embrace of harassers and extortionists is a scandal; this is an encouraging first step. MarkBernstein (talk) 19:14, 4 August 2017 (UTC)[reply]
17.  Support I agree with some of the comments by editors who oppose, that this should not become a reason for fishing expeditions, but I think most checkusers understand that distinction. I also agree with the criticisms that there is a limit to how much the checkuser tool can really be of help with undisclosed paid editing. Most of the rationale for this new use concerns sockfarms of such editors, and it can reasonably be argued that the existing policy already addresses use for sockpuppetry. But, having said all that, I still see the proposed change as a net positive. There are situations where checkuser use can help track down the more massive attempts at disruptive paid editing, and it has been my personal experience at en-Wiki that some checkusers are uncomfortable with investigating paid editing under the existing rules. It's not about harassing or outing accused editors, and I doubt that any checkuser would misuse it that way. We have a ToU, and it needs to be enforceable if we are serious about it. And the problem of undisclosed paid editing is, in my opinion, the single greatest existential threat to the Wikimedia movement. And it also appears to me that some of the opposition to the proposal boils down to we haven't done it this way before, so it is wrong to start doing it now. If this discussion leads to a consensus that we should change how things are done, then that would mean that there is a consensus for change. --Tryptofish (talk) 22:36, 4 August 2017 (UTC)[reply]
18.  Support per Bluerasberry and Tryptofish. Jules78120 (talk) 10:38, 5 August 2017 (UTC)[reply]
19.  Support per Bluerasberry.Good expansion.Winged Blades of Godric (talk) 14:16, 5 August 2017 (UTC)[reply]
20.  Support Amqui (talk) 14:19, 5 August 2017 (UTC)[reply]
21.  Support important clarification that expresses widespread concern in the community about paid editing sock farms and serial sockers. There is a hardcore old school focused on "content not contributor" and privacy that sometimes attempts to thwarts this kind of clarification. Privacy will always be a fundamental value and the community trusts CUs to always use the tools wisely. This clarification lets CUs know that in 2017, the community is aware that Wikipedia has become so prominent that it has become a target not only for common promotional campaigns, but a platform for scamming people who are concerned about how they are represented in Wikipedia; we want the CU tools to be used specifically to reveal sock accounts used in these kinds of exploitation - that this activity is disruptive. Jytdog (talk) 02:16, 6 August 2017 (UTC)[reply]
22.  Support I saw how the English Wikipedia has been sabotaged greatly by the above demonstration. Maybe in places other then English Wikipedia there are more in good faith but undisclosed paid editing, however, it seems like the "I know how to beautify your article, let me charge you and then contribute" way of contributing is happening more and more time in the present. I think if the policy has a clearer stand point on this, then editors who fight against these kinds of deliberately edit for money behavior may got more chance to reveal and less portion to effect the independence of Wikipedia. --Liang(WMTW) (talk) 23:38, 7 August 2017 (UTC)[reply]

than you should change it only on enwiki if it is possible and the local community agrees. Apparently, WMF does not care to introduce better practices for CUs on all platforms, so if they respect so much their autonomy, they can behave the same way also in this case. Especially if the enwiki community so much want this, i trust you on this.--Alexmar983 (talk) 03:44, 8 August 2017 (UTC)[reply]

Oppose edit

1.  Oppose I'm afraid I'm not feeling it. I cannot think of a single situation where CU tools would be helpful, that is covered by this amendment, but not covered by the current wording. If there is reasonable grounds to believe there is sockpuppet abuse by those editing against ToU, then it falls squarely into the scope of CU. If there are not reasonable grounds, but a check is worth taking, it may be justifiable to do under the scope of "limiting disruption". Editing against ToU is disruptive, and there's a lot of grey area there.
   On the other hand, beyond scope creep, I can only think that this will be used to "prove" ToU violations - e.g. the edits were made from the offices of X PR firm. CU data is helpful in comparison to itself to confirm sockpuppetry, but I simply don't trust IP location to be sufficiently accurate, and I think using the CU tool to do so would be a big step in the wrong direction. If that's what you're looking for Doc James, please spell it out - I'm uncomfortable with it. Worm^TT 07:29, 4 August 2017 (UTC)[reply]

   CUs right now never say if the edits are from the offices of a PR firm and this proposal is not for them to be doing so in the future. If a check is run and they find 10 accounts making the same promotional edits from said PR firm they will just say they have found 10 connected accounts. Doc James (talk · contribs · email) 14:00, 4 August 2017 (UTC)[reply]

   This is exactly what would already be done, though. I can appreciate the idea to make it explicit that ToU violations are disruption, but the day-to-day difference this change would make in how CU's operate is unclear to me. Courcelles 15:49, 4 August 2017 (UTC)[reply]

2.  Oppose per WTT. I too cannot see anything that this will bring other than making it easier to hound people suspected of undisclosed paid editing (e.g. with threats being checkusered if they do not admit to something they may or may not be guilty of), which is the opposite of the preventing harm to editors it is ostensibly intended to prevent. While on the face of it I do like the preventing "harm to article subjects, or harm to editors.", I cannot think of a single instance where this not already allowable under the vandalism and/or disruption criteria. Thryduulf (talk: meta · en.wp · wikidata) 07:56, 4 August 2017 (UTC)[reply]
3.  Oppose First, let's improve the transparency of the CU system, than we can discuss improvement of its use.--Alexmar983 (talk) 10:41, 4 August 2017 (UTC)[reply]
4.  Oppose First off, this not a clarification of the policy, it is an expansion of the policy as it would allow checks of accounts in an attempt to determine whether the user is editing from IP address(es) associated with the subject of the user's edits. As pointed out by WTT above, this would be of limited use, and it could undermine the protections afforded by the Privacy policy. —DoRD talk 11:54, 4 August 2017 (UTC)[reply]
5.  Oppose - Not a fan of the war against paid editing. If people are using multiple accounts disruptively, we can already check under those grounds. Going on privacy-invading witch hunts of anyone suspected to be a paid editor isn't appropriate use of this tool, and I would hate to make it that way. – Ajraddatz (talk) 15:47, 4 August 2017 (UTC)[reply]
6. CheckUser is not for fishing. Undisclosed paid editting for promotional or spam activities is certainly a problem but CheckUser is not going to really prevent or solve it IMHO. —MarcoAurelio (talk) 16:10, 4 August 2017 (UTC)[reply]

   While we have hundreds of examples of it certainly helping here. Doc James (talk · contribs · email) 16:32, 4 August 2017 (UTC)[reply]

   Still nor prevents it nor solves it unfortunately, otherwise that board would be empty. CheckUser cannot tell what will happen, but what has already happened; therefore in my experience as CU for several years already I can say that in my opinion using CheckUser to prevent things is rather limited in scope with no reliable results sometimes. This is why we say that CheckUser is neither a crystal ball nor magic pixie dust. Regards, —MarcoAurelio (talk) 11:42, 6 August 2017 (UTC)[reply]

7.  Oppose This is a change to the privacy policy, not the CheckUser policy. I can already use CheckUser to look for sockpuppetry and I do it with great relish on a regular basis. Katie^talk 16:13, 4 August 2017 (UTC)[reply]

   Hi all. Doc James asked me if I could comment on a couple of the points bringing up the privacy policy to help clarify the discussion. The clarification I can offer is that the change here would be fine under the privacy policy. Specifically, it would be allowed under the part that says that one of the allowable uses of private info is " to enforce or investigate potential violations of our Terms of Use." Further, that section applies both to the WMF and to "particular users with certain administrative rights" so it would cover checkusers. I've read some of the discussion, and I don't have an opinion at present as to whether this would be a good or a bad change to the checkuser policy (it appears me that it could help provide clarity around addressing some paid editing problem cases, but could also provide justification for potential misuses, and I'm not clear how that comes out on balance). But hopefully this clarifies that the change is workable within the existing WMF policies if you all decide that it's a good one. -98.234.238.134 17:17, 4 August 2017 (UTC)[reply]

   The above IP is me, working remotely and didn't notice I had been logged out, apologies. -Jrogers (WMF) (talk) 17:22, 4 August 2017 (UTC)[reply]

8.  Oppose largely per Ajraddatz. Ks0stm ^{(T•C•G•E)} 17:24, 4 August 2017 (UTC)[reply]
9.  Oppose per WTT. I can't see how this will make any difference. I don't really see how it benefits the project to wage war against paid editors just on principle; if they become disruptive then the current policy wording provides a mandate for the use of CU. Basalisk (talk) 19:37, 4 August 2017 (UTC)[reply]
10.  Oppose. Wrong time to discuss about that, without any former information about this discussion through the projects. At a time where a lot a contributors spend their holidays. Hégésippe | ±Θ± 21:13, 4 August 2017 (UTC)[reply]
11.  Oppose on procedural grounds at this point of time. I am not adverse to updating and expanding checkuser for the late 2010s, I think that we need to do this in a holistic manner. Rather than jump into a rewording, and a vote, it clearly needs to explore privacy, and the purpose. It also needs to be set up to not only be an English only discussion, it needs to be proposed to all wikis. Also noting that a checkuser is reactive and can not prevent such editing.  — billinghurst sDrewth 03:58, 5 August 2017 (UTC)[reply]
12.  Oppose. TOU is a contact between WMF and the user. Therefore, its enforcement is a matter between WMF and the respective user. Third parties can participate in its enforcement only if WMF delegates them necessary power. So, I will object to any (legally questionable) policies that improperly grant community administrators such powers. Administrators including checkusers and stewards only have authority to enforce community policies but not TOU. Ruslik (talk) 08:54, 5 August 2017 (UTC)[reply]

    There is nothing preventing the community from incorporating enforcement of the terms of use into global or local policies. We do this with the relevant copyright policies, and WMF legal has already commented here that there is nothing preventing us from adopting this clarification. TonyBallioni (talk) 20:41, 5 August 2017 (UTC)[reply]

13.  Oppose " to check for sockpuppet abuse, and to limit disruption of the project" is widely enough. This kind of clarification is more an open door to a limitation and to a complication of the work of our CU. CU are elected and should be (sufficiently trustworthy) able to see the potential abuses or disruptions inside our projects. --Christian Ferrer (talk) 18:14, 5 August 2017 (UTC)[reply]

    Christian Ferrer CU operators are not elected. A call for interested editors is made. Public comments are invited on them, and the appointments are made arbitrarily in camera by the Arbitration Committee. Very few of the current holders of access to the CU tool are actually active. Kudpung (talk) 05:14, 7 August 2017 (UTC)[reply]

    Kudpung, this is intended to be a global policy. On many, if not most, projects that have checkusers, they are approved (usually by election) by their commmunities; even on English Wikipedia, where checkusers are approved by the Arbitration Committee, there has at minimum been a community consultation for at least the last 8 years. Again, because this is a proposal that will apply to all checkusers on all projects, I think you are likely incorrect in your assessment of the relative activity of checkusers in general. I think you, and many others, would be surprised to find out that checkusers do more checks on English Wikipedia than on all other projects combined. Risker (talk) 05:54, 7 August 2017 (UTC)[reply]

    Risker, Thank you Anne. Please read again what I posted. Kudpung (talk) 06:26, 7 August 2017 (UTC)[reply]

    Kudpung, I have read it again. Your post applies to a single project; this policy covers all projects. You've made an unqualified declarative statement ("CU operators are not elected") which is wrong. If you had specified "On English Wikipedia, CU operators..." you would have been correct. But this is not English Wikipedia, and this policy covers the actions of checkusers (including stewards acting as checkusers) for hundreds of projects, not just English Wikipedia. The majority of them are elected; indeed, more than half of Enwiki CUs are also elected, by virtue of their election to Arbcom. Risker (talk) 07:03, 7 August 2017 (UTC)[reply]

14.  Oppose I am unclear how a CU would identify undisclosed paid editing other than to reveal socking, which we already have policies and procedures regarding reporting and investigating (including the use of CU) around socking. Mkdw (talk) 04:38, 7 August 2017 (UTC)[reply]
15.  Oppose. Checkuser is extremely unlikely to disclose "undisclosed paid editing" in any case other than situations involving sockpuppetry - and suspected socking is already a clear reason for checking. So is disruptive editing, which has broadly been interpreted (at least on English Wikipedia) to include very promotional editing. There is no justification for expansion of the definition; checkusers have rooted out likely undisclosed paid editors hundreds of times within the past several years. I found one set within the last 24 hours that is likely a group of undisclosed paid editors; if they aren't then they probably have a major conflict of interest. It doesn't actually matter that they're undisclosed paid editors, because they're also editing disruptively and are socking. It is their behaviour that is inevitably going to bring them to the attention of the community. Risker (talk) 06:11, 7 August 2017 (UTC)[reply]
16.  Oppose per Risker, whose opinion on these matters I value very highly. — fox 06:24, 7 August 2017 (UTC)[reply]
17.  Oppose per Risker. This seems a dangerous expansion of scope. Rather than clarify, it muddies the waters. Privacy is important. CU fishing should be discouraged rather then encouraged, which this proposal does. Paul August (talk) 10:49, 7 August 2017 (UTC)[reply]
18.  Oppose As others have pointed out, this is not well thought through. The proposal is asking for an expansion of the scope of CU, but that expansion is unlikely to actually do what the proposal advertises. Opabinia regalis (talk) 15:30, 7 August 2017 (UTC)[reply]
19.  Oppose per Risker and O. regalis. Encourages fishing expeditions for minimal benefit at best. T. Canens_@en.wp (talk) 19:57, 7 August 2017 (UTC)[reply]
20.  Oppose Agree with concerns about scope expansion. --The Cunctator (talk) 15:33, 8 August 2017 (UTC)[reply]
21.  Oppose if paid editors aren't using multiple accounts, I don't see how CheckUser will detect them. If they are using multiple accounts, it is already covered. (disclosure: neutrally canvassed at a Wikimania session) Power~enwiki (talk) 00:23, 12 August 2017 (UTC)[reply]

|}

Discuss edit

Undisclosed paid editing is often being carried out by large families of socks. The typical pattern of paid editing is usually very clear. It is basically a brand new account creating an expertly formatted promotional article after a couple of edits. More liberally running of CUs will help limit the issue of WP filling full of paid for advertising.

The other issue we are seeing from paid editors is the adding of negative material to articles about living people and then trying to get the subject to pay money to have it removed. We also need to allow CU to be used not only to protect our projects but also to protect the subjects we write about from unfair activities and our fellow editors from harassment by socks. Doc James (talk · contribs · email) 06:39, 4 August 2017 (UTC)[reply]

I agree to broader use of CU only if more tools of control of their activities are proposed as well and made accessible to the general public. I don't like this concentration of power about personal data in some gray areas. I could add a list of proposals and of course someone who is very expert will tell me none of this things are possible for very good reasons, but something should be possible in that direction. In a wiki environment I'd expect from those who get such power the more robust and effective attempt to counterbalance it.--Alexmar983 (talk) 06:57, 4 August 2017 (UTC)[reply]

The tools are already limited in that only 3 months of IP data are avaliable. And the Ombudsman commission is there to follow up on concerns of misuse.

The tool is also only avaliable to a small number of very trusted users. Doc James (talk · contribs · email) 06:59, 4 August 2017 (UTC)[reply]

And that's, according to the comments I receive in private, probably not enough. Some examples... if a user is checked he or she should be informed exactly, as the system informs for example if his or her rights are changed. I'd expect a pop up on the right of my screen that says "your IP informations have been checked"... Also I would prefer to have somewhere disaggregated tables of activities, like those I can have for the sysops. Having a second CU is also no real balance the activity of the first one if the first one does 99% of the work, and check information above average than any other CU, and the second one is a long-term friend that "closes an eye". Basically, there should be a table that tells me somewhere that user X has performed n check if m months. That's not a critical information for "experienced users", it should be something everybody could see. Because if someone performs 10 times more CU than someone else it should not be something to hide to "expert users", it is a problem to face. And also, we should start to think of a limit for the CU activities after some years, a more than necessary pause. And so on, and so on... if I see no improvement on this side, I don't support any broader use of CU policy. Some people are worried, I see this issue emerging here and there discussing offwiki and every time I ask "expert or long-term users" off-wiki, I rarely receive clear answers, Sorry, I don't want to be part of that.--Alexmar983 (talk) 10:36, 4 August 2017 (UTC)[reply]

very trusted by who? ratcheting up the tools to "solve the problem" will only escalate the conflict not reduce it. Slowking4 (talk) 11:25, 4 August 2017 (UTC)[reply]

@Alexmar983:, the 6 month English Wikipedia CU and OS stats are posted at en:Wikipedia:Arbitration Committee/Audit/Statistics GB fan (talk) 11:46, 4 August 2017 (UTC)[reply]

@GB fan:, I expect such links to be posted everywhere for every platforms, and clearly linked to the pages of the policies. Even the X! tool that compares the level of actions for sysop stats is kinda kept in the shadows, but at least they are there to be read (if someone finds them...). I'd like these policies to be enacted at a meta level first. Than you can enlarge the gray areas of CUs, I guess. And I still believe that not being informed when someone checks your own personal data especially when no public request was done, it is uncivilized and you don't want a journalist to write an article about that. What are you going to say if someone suspects that especially in small and close-knit communities people might have done it over the years thinking it was fair, just to take a look here and there because "I am expert my fellow colleagues, I'll prove ex post it was necessary". Fix these gray areas, prove they don't exist, write very clearly at the meta level that you will act directly and clearly if some borders are crossed, than enlarge the CU powers.--Alexmar983 (talk) 12:02, 4 August 2017 (UTC)[reply]

• I'm concerned that people are putting too much faith in what CU can do. It's not completely reliable, and even less so since the advent of IPv6, meaning IPs change even faster. It's a useful tool in confirming that two accounts which are behaving in the same manner are the same person, but that's actually about as far as it goes. Two people editing from the same IP does not mean that they are the same two people, and behavioural analysis is far more important in showing that. So, given that,
  1. How will this change help in extortion cases (or any other harm to article subjects) - that is not already covered by existing policy?
  2. How can CU data be used to protect users - that is not already covered by existing policy?
  3. How can CU data be used to stop ToU violations - that is not already covered by existing policy?
  • 1. That is why this is called a "clarification". The existing policy should already allow CU in extortion cases. For example when OTRS gets a message from a person that a WP account is requesting payment to remove content from an article about them and when a CU is run on said account which come up with 5 socks with a similar pattern of adding negative info in violation of BLP policy, that allows the protection of not only the reporting individual but the other four individuals who have not yet reported.
    2. This is why it is a clarification. Yes IMO, CU can and should be used right now to protect users. IMO it is useful to explicitly state this rather than just imply it.
    3. Once again this is why it is called a clarification. We already do CUs on paid editors when there is concerns of socks. This is an acknowledgement that this is okay to do. For example if you look at this case, I saw two accounts adding a spammy ref in a specific way. The CU found another 50 account associated with that one doing the same thing but with different urls. All the urls now added to the blacklist, urls removed from WP, users blocked. We also picked up a pattern where one sock adds the same and the second makes an edit immediately after to throw off the anti spam tools. Doc James (talk · contribs · email) 15:16, 4 August 2017 (UTC)[reply]

I'm all for protecting users, protecting BLPs and stopping ToU violations. CU is not a particularly helpful tool in those battles, beyond how it is already used. Worm^TT 08:33, 4 August 2017 (UTC)[reply]

I'm waiting to see what the answers to these questions are as well. At the moment, I can't see how this change would help, unless the intent is to use CU for fishing, and that seems unwise. - Bilby (talk) 12:28, 4 August 2017 (UTC)[reply]

• rhetoric without an enforcement plan is a nullity. the credibility of CU'ers is harmed by the opaque process. you need to spell out a code of conduct, and improve how you communicate with editors. high handed summary process is not good enough. Slowking4 (talk) 11:23, 4 August 2017 (UTC)[reply]
• Doc James, just as a point of clarification: this would only be an impact on the global CU policy, correct? Individual projects would be free to enact a local CU policy that was stricter than this or that even explicitly excluded enforcing the TOU entirely for a reason to run a check if the local community was concerned about that for some reason. This is just clarifying that the global CU policy anticipates violations of the terms of use as disruptive and views protecting people as an equally valid reason for use as protecting the project. Thanks for your work on this. TonyBallioni (talk) 14:58, 4 August 2017 (UTC)[reply]
  • User:TonyBallioni yes exactly. Local projects can be more restrictive that the global CU policy. They just cannot be more liberal. Doc James (talk · contribs · email) 15:01, 4 August 2017 (UTC)[reply]
• In person discussion I have created some time here at Wikimania to discuss these issues and broader issues around the TOU in person for all who are able to attend.[1] Doc James (talk · contribs · email) 18:01, 4 August 2017 (UTC)[reply]
• The one initial takeaway here is that few users really have a good understanding of how imperfect CU is. It's far better for confirming two similarly acting accounts are operated by the same person than running a check on one guy and seeing if he's editing otherwise. Plus, I'm not a huge fan of the in my opinion overly broad contributions without disclosure wording. Anybody making any edits that are promotional in nature could be seen to be passing that bar, and I'm not inclined to begin fishing on promotional edits for possible sockfarms. NativeForeigner (talk) 05:08, 5 August 2017 (UTC)[reply]
  • Here is a specific pattern of spamming were a CU picked up a couple of dozen other accounts doing the exact same thing.[2] CUs do pick up spammers that would otherwise be missed (ie. it is effective). There is patterns of undisclosed paid editing in which the users current account is exceedingly likely not to be their first. The clarification is not to run CUs on any promotional editing, it is to run CUs on those obviously involved in undisclosed paid editing who are likely socking. Doc James (talk · contribs · email) 14:31, 5 August 2017 (UTC)[reply]
    • It is effective in cases like these. Perhaps I'm speaking too broadly, but I can't think of any other enwiki CUs who wouldn't already run a CU on that case or one similar for the socking aspect. If you can bring that sort of evidence it's thoroughly in the socking quadrant. My concern about this type of change is that it pushes people towards asking for CU in cases where the socking aspect is very borderline, but there is suspicion of paid editing due to prior promotional editing. The wording, especially with the prevent clause, leans in that direction. With regards to the fact the case found a lot of sleepers/sock: it can happen. But it won't always be clear, and I'm speaking more specifically about trying to go from one account to many rather than many to many. Without getting into the gory details if there are 5 accounts we know are related strongly by behavior it's far easier to tie the accounts up on CU without collateral. If you don't have that strong behavioral link it can be far more difficult to draw any real conclusions based off a CU result without taking the risk you're blocking uninvolved parties. NativeForeigner (talk) 15:36, 5 August 2017 (UTC)[reply]
      • In this case I mentioned one still had to look at the behavioral evidence before blocking the accounts in question. I agree CU should not be used in the absence of behavioral evidence. And it is just one piece.
      • User:NativeForeigner What do you think about changing "to prevent" to "to address" Doc James (talk · contribs · email) 16:07, 5 August 2017 (UTC)[reply]
        • It would be an improvement. NativeForeigner (talk) 03:50, 6 August 2017 (UTC)[reply]
  • I think you may be selling CU a bit short. Am I not mistaken that an IP check could reveal the IP belongs to a business? Were inappropriate edits being made by an account to an article about a business and the account were found to be editing from an IP for that business, that would be valuable information towards proving a violation of paid editing policy. As I said below, though, I think the current global CU policy as well as the local CU policy on English Wikipedia, adequately covers those kinds of situations. The wording already suggests uses of CheckUser outside sockpuppetry investigations. Making all undisclosed paid edits a cause for CU investigation could create problems in situations where the paid editor has legitimate concerns about an article.--The Devil's Advocate (talk) 16:39, 5 August 2017 (UTC)[reply]
    • Everyone is happy to have connected people raise legitimate concerns on the talk pages of an article. And minor changes / corrects are not a concern from an undisclosed paid editing point of view and would not raise concerns about undisclosed paid editing. Doc James (talk · contribs · email) 23:10, 5 August 2017 (UTC)[reply]
      • The part where you're gonna have problems is that not all problems are going to require only a minor change, but the concerns may be legitimate. Were you to have an article that is a selectively-sourced hit piece, for instance, then a paid editor would have good cause for wanting to change it. However, any change made by the editor to address this directly without disclosure is going to be more than a minor edit and it would be a violation of the Terms of Use. Are we going to have checkusers digging into accounts in these cases? For the person making those changes, it is likely to only aggravate the situation by adding insult to injury.--The Devil's Advocate (talk) 03:19, 6 August 2017 (UTC)[reply]
        • What if it is legitimate criticism and the person has been hired to whitewash the individual in question? Are you saying we should tolerate / welcome this? Doc James (talk · contribs · email) 03:26, 6 August 2017 (UTC)[reply]
          • Key phrase here in my example is "selectively-sourced hit piece" as in an article that does not use all available sources and is written to be negative. Surely you can recognize something between "trying to fix a hit piece" and "whitewashing negative coverage" right?--The Devil's Advocate (talk) 19:41, 6 August 2017 (UTC)[reply]
            • • Yes, but one would still expect if they are associated with the person that they should disclose. I encourage those who are associated with a topic when they see errors to report them on the talk page. Doc James (talk · contribs · email) 02:30, 7 August 2017 (UTC)[reply]

I don't think that privacy is a fundamental value at the moment, or we would have more real control on CUs everywhere. I know many users who don't trust some situations, they just don't say because they fear the consequences. Nice environment, really, in many wikis. I really feel widespread concern about the control on CU activity, but that's not an issue. Some people say that concern "about paid editing" is big but to many active users I know, I don't see it. It's big for people writing blogs and some users that show constantly how they care and they know how the world works... maybe there is a previous RfC where this emerged, who knows. In my experience these issues are more relevant specifically with users that " do politics" or "play the cops" but for people who produce content, at least the ones I know, the presence of vast amount of normal users who monitor articles on their topic it's considered the best medicine to prevent these games.

Playing "cops and robbers" usually increase the presence of both of them on the long term, I am pretty sure that a considerable amount of you coming from Western countries expressed the same concern discussing real life issues with you fellow companions (what's the magic word? liberal?). Stimulating this "fishing" attitude, as another user told me by mail, might discourage normal editors. I know a person who is very competent is her/his field but requires privacy because (s)he is linked to political activity. Very honest person, really, I compare her/his edits with what (s)he does and it's all fine, but it's his/her life. If (s)he suspects someone might have more power to go and search around when some collegues of an important institution do wrong stuff, (s)he'd say goodbye to wiki. There is plenty of examples of long-term cops-users that see trolls everywhere even when they are not there. We don't say it anymore because on some platforms is social death, but many people say it off-wiki sarcastically, and usually the ones with much higher degree of education and strong social or professional position, which is impressive. --Alexmar983 (talk) 04:35, 6 August 2017 (UTC)[reply]

• The strain of accommodating dealing with spis with the current policy has resulted in several of our most active checkusers: CUs are inherently very conservative, as they ought to be. Perhaps this will encourage some to return, and encourage other to join. I might even get active there myself. DGG (talk) 06:05, 8 August 2017 (UTC)[reply]

Expansion or clarification edit

• Doc James, this is obviously an expansion of the CheckUser policy, and the RfC should be renamed to reflect that. —DoRD talk 11:21, 4 August 2017 (UTC)[reply]
  • Agreed. This RfC should have a more appropriate name. "Using CU to uncover paid editors" maybe? – Ajraddatz (talk) 15:51, 4 August 2017 (UTC)[reply]
  • I've been thinking about this. I think that the difference between "expansion" and "clarification" depends upon your personal beliefs about new accounts.
    • The proposal seems to be that it's okay to run CU checks on anyone I suspect of undisclosed paid editing, even if I have no specific reason to suspect socking for that account. Right now, if a new editor is writing enthusiastically about a person/company/product without claiming to be a paid editor, I believe that would not generally be counted as (a) vandalism, (b) a suspicion of abusive socking, or (c) the kinds of things that we accept under 'disruption'. (I think that we can all agree that this is one of the reasonable interpretations of the policy, since presumably Doc James wouldn't have started this if everyone agreed that the current policy obviously supported running check users on all suspected paid editors.)
    • I don't happen to think that the current policy supports these checks, because I don't think that "absolutely no credible evidence to support a suspicion of abusive sockpuppetry except that it's a new editor writing an overly enthusiastic article" constitutes credible evidence abusive socking (which is basically required, if you're searching for non-vandalism socks). Therefore, I tend to think that this is an "expansion" rather than a "clarification". However, if you don't happen to share my POV – if you believe that anyone and everyone that you suspect of undisclosed paid editing, should additionally/automatically be suspected of abusing multiple accounts – then presumably you see this as a "clarification" of the policy.
    • OTOH, I don't think the distinction really matters: An editor could see it as an "expansion" and still support it is a very welcome expansion. So my suggestion is that people answer the underlying question instead of focusing on the page name. The underlying question seems to be: If an editor writes promotional-sounding material and doesn't claim to be a paid editor, but we have no evidence of socking, do we, or do we not, want CheckUsers to go fishing for evidence of multiple accounts? WhatamIdoing (talk) 23:08, 4 August 2017 (UTC)[reply]
• I think this is genuinely intended as a clarification, though it seems unnecessary and perhaps too broad. On the English Wikipedia the CheckUser policy already states it can be used to deal with "Legitimate concerns about bad-faith editing." Undisclosed paid editing can and often does fall into that category. This also is generally disruptive so that part of the policy already applies. Suppose the issue here is that undisclosed paid editing may not always be a problem. Were a paid editor removing defamatory material without disclosure, making use of checkuser would only serve as an invasion of privacy that aggravates an existing issue with an individual being defamed. I did in one case privately request checkuser be used in a COI case, though I don't know if it was done. As should be the case, I only did this due to potential policy violations beyond just undisclosed COI activity and because it was the only way to reasonably confirm the COI absent an admission.--The Devil's Advocate (talk) 02:05, 5 August 2017 (UTC)[reply]

Other options edit

The goal is to clarify that CU is appropriate to be used on new accounts who edit similarly to other blocked accounts involved in undisclosed paid editing. What do people think about?

The tool is to be used to fight vandalism, to check for sockpuppet abuse, and to limit disruption of the project. This may include checking new accounts that behave like a previously blocked account involved in promotional work. It must be used only to prevent damage to any of the Wikimedia projects, harm to article subjects, or harm to editors.

Doc James (talk · contribs · email) 18:53, 7 August 2017 (UTC)[reply]

It has always been appropriate for CU to be used on accounts showing behavioural similarities to block accounts, regardless of whether or not it involves paid editing. What exactly is the problem here? Do you have any evidence that CheckUsers aren't comfortable with using their tools in those situations? How exactly would either of the proposed wordings change how we operate? I think you need to establish the problem before you start proposing solutions. – Ajraddatz (talk) 19:09, 7 August 2017 (UTC)[reply]

• I am increasingly persuaded that the goal here is to link a single clause of the TOU to this policy. Checkuser can be, and is, used to address violations of the entire TOU, and highlighting this one particular issue (as important as it may be) is disproportionate. Perhaps everyone's time would be better served in coming up with a list of activities that are considered "disruptive" and "harmful to the project(s)" - it's the disruption caused by most types of undisclosed paid editing that is the reason for doing a CU. Right now I regularly see "obviously a paid editor" being used as a hammer to prevent people from editing. Risker (talk) 04:20, 8 August 2017 (UTC)[reply]
  • Sure I am also seeing paid editors using the claim of paid editor to harass others including occasionally their competition. We need to do some quantitative research regarding the size of the undisclosed paid editing issue. What proportion of the SPI cases do you think involve new accounts involved in promotional editing? Doc James (talk · contribs · email) 14:14, 8 August 2017 (UTC)[reply]

I am seeing a pattern here edit

People who actually use the checkuser tool are pretty much opposed to this amendment to the checkuser policy. That's probably because we understand how the tool actually works, we know what kinds of results we get from it, and we know that is not designed to prevent anything. At best, it can throw a monkey wrench into something that is already happening. There is no reasonably foreseeable change in how checkusers use their tools, on any project.

It would have been preferable if DocJames had tried discussion first, rather than going straight to RFC. There are things in the current policy that many checkusers would like to "clean up", for lack of a better term. For example, the current wording says the tool is to prevent damage to the projects, but in fact it doesn't actually prevent anything (other than perhaps sleeper socks being blocked before they're used). What it does is help to mitigate the damage to the project, to reduce the likelihood of recurrence. It will ever be able to prevent undisclosed paid editing; it can help to identify and address it, but it will not prevent it. There is no doubt in my mind that at least a dozen promotional articles have been created somewhere on a WMF-hosted project in the time that it has taken me to write this observation - and Checkuser wouldn't have prevented a single one of them from being created. Risker (talk) 04:12, 8 August 2017 (UTC)[reply]

User:Risker you have previously mentioned that you were concerned that you were stepping beyond appropriate use of CU when you ran the Orangemoody case. Not sure if I misinterpreted things but the wording of the CU policy should IMO definately provide clear support for running such cases. Orangemoody very likely continues to edit and in fact we have an SPI open currently regarding further possible socks.

The goal is to "throw a monkey wrench into something that is already happening". Paid editing by large families of undisclosed socks is currently here, and the desire is to limit the damage / disruption / harm caused by this activity.

Do you feel any clarification regarding the use of CU is needed? What are your thoughts on the role CU plays in undisclosed paid editing by socks now? Do you feel it is currently used maximally and efficiently? Doc James (talk · contribs · email) 13:59, 8 August 2017 (UTC)[reply]

• Just in follow-up of this, several people who have been involved in this discussion, including both Doc James and myself, participated in the meetup at Wikimania related to this topic. I have responded to the question about crossing boundaries when dealing with the Orangemoody sockpuppetry/paid editing case on English Wikipedia; the concern was related to the potential for someone within the community to make a complaint to the Ombudsman Committee due to either (a) the very large number of checkuser checks carried out in relation to the study or (b) the deletion of the articles created by these sockpuppets which was (in particular) a question of policy that was not yet settled. As it turned out, the deletions were accepted by the community and since then, it is increasingly the normal practice to delete the [new] articles of UPE socks.

  The attendees also had a vigorous discussion about the reality of checkuser practices when dealing with likely UPE accounts (bottom line - checkuser is not all that effective if not comparing two acccounts, but either disruption including creation of spammy articles and possible socking are reasons for checking, which covers the checkuser requests coming in.) We also talked about the privacy aspects - about a third of all checkusers will show information of other "good" editors including administrators - and the fact that most of the "large" UPE socking groups use rotating VPNs, which are also being used ever more commonly by ordinary Wikimedians for privacy/security reasons.

  There was good agreement that undisclosed paid editing, particularly in certain spheres, is very undesirable and that there are potential partial solutions in policy/guideline strengthening, slight modifications in "usual practices" and the addition of certain tools. Risker (talk) 03:10, 12 August 2017 (UTC)[reply]

Not being a resident of North America or anywhere near it, Risker, I was not able to attend that meeting, but if numbers count, please add to the minutes that I support 100% anything Doc James said or suggested. I look forward to being notified of any upcoming official discussions. Kudpung (talk) 03:24, 12 August 2017 (UTC)[reply]

Based on the comments above I have withdrawn this RfC to allow further discussion of potential rewording. Based on discussion at Wikimania:

1. There was agreement that it is reasonable to G5 obviously paid content created by obviously not new accounts.
2. There was agreement to look further at ORES tools to help pick up undisclosed paid editing.
3. There was interest in further discussion around setting up a group of functionaries to allow the balancing of maintaining privacy and dealing with undisclosed paid editing.
4. The need for further CUs was mentioned.
5. It was clarified that the evidence needed at SPI for socking concerns is often only a couple of diffs.
6. The percentage of SPI cases that related to undisclosed paid editing was estimated at 50 to 75% and it was estimated that 30 to 40% of new business articles were paid for.

Doc James (talk · contribs · email) 04:31, 12 August 2017 (UTC)[reply]

I attended the session on unpaid undisclosed paid editing at Wikimania 2017 in Montréal, and here are a couple of takeaways from the comments by a couple of WMF lawyers that attended:

• They clarified situations where the legal team can step in
• They advised us that it is the communities' job to enforce project policies

Checkingfax (talk) 06:04, 13 August 2017 (UTC)[reply]

Example of good checkuser case edit

One of the topics that was discussed in the session was how much evidence is required for a checkuser case. People have a tendency of providing walls of text explaining everything, but often only a few diffs are required. I looked though my history and found an example of a particularly concise case. Simple and concise cases not only make it easier for the user putting them together, but also make turnaround faster since it's easier for a checkuser to determine whether a check should be carried out. Hopefully the example is helpful. If anyone can think of anywhere else I could post it, please let me know. --Deskana (talk) 17:47, 12 August 2017 (UTC)[reply]