Stewards/confirm/2010/Pathoschild

logs: rights, globalauth, gblblock, gblrights, crosswiki logs & activity | translate: translation help, statement

Comments about Pathoschild edit

• I love you … okay, just a joke. ;) Excellent steward, very helpful on all areas. —DerHexer (Talk) 00:14, 7 February 2010 (UTC) P. S.: The raised issue weighs heavily. How long was that page visible? There are not just mirrors and index robots which can visit articles … It would have been much better to work with a non-public list to get the job done, imho. It's hard to excuse that decision and I cannot even see one here. I'd really appreciate if you could internali(z/s)e what was made wrong and why, excuse yourself then and undertake that you will never to do a similar thing again. Otherwise I could not support you with a good feeling.[reply]

  DerHexer, another user, and I had a long discussion about the list on IRC. He asked me to summarize that discussion here.

  We concluded that an editable list provided a record of the otherwise invisible oversights, and allowed collaboration on processing the listed names (for which a private IRC channel was set up). However, a public list was not a good way to do this; better alternatives would have been a private wiki, the stewards mailing list, or a private spreadsheet file. It is obvious now that the public list was an error in judgement, for which I sincerely apologize. —Pathoschild 01:38:05, 28 February 2010 (UTC)

  That's fine at least for me. I will continue supporting. —DerHexer (Talk) 01:40, 28 February 2010 (UTC)[reply]

• we need him --Jan eissfeldt 00:27, 7 February 2010 (UTC)[reply]
• Exceptional steward, incredibly knowledgeable; confirm. Katerenka (d) 00:28, 7 February 2010 (UTC)[reply]
• confirm. –Juliancolton | ^Talk 00:28, 7 February 2010 (UTC)[reply]
• thanks for all Your work, --birdy geimfyglið _(:> )=| 00:40, 7 February 2010 (UTC)[reply]
• confirm. I'm not quite in love with you but otherwise DerHexer stole the words out of my fingers. delirious & lost ☯ ^~hugs~ + jh0367 ☯ ^~hugs~ 01:13, 7 February 2010 (UTC)[reply]
• very good steward, has to be confirmed --Church of emacs talk 01:14, 7 February 2010 (UTC)[reply]
• Competent, available, and a valuable asset. Ottava Rima 01:48, 7 February 2010 (UTC)[reply]
• keep, per all other comments ;-) —Innv {ru-ws} 02:15, 7 February 2010 (UTC)
• Another steward without which the projects would asplode. Keep. Kylu 02:49, 7 February 2010 (UTC)[reply]
• Keeper. -- Avi 03:03, 7 February 2010 (UTC)[reply]
•   Keep Enslave him! --Jyothis 17:37, 9 February 2010 (UTC)[reply]
• We all love him. Great toolsmith, unflappable, tireless contributor, and manages to put up with Shanel. Reconfirm. ++Lar: t/c 03:25, 7 February 2010 (UTC)[reply]
• Excellent steward! --Holder 06:41, 7 February 2010 (UTC)[reply]
• psh, I'm not joking I do love you ;) /me fights shanel.... loses :( tireless steward who apprently doesn't actually sleep. James (T C) 06:54, 7 February 2010 (UTC)[reply]
• Too lazy. ;) Excellent steward; echo James. Pmlineditor ∞ 07:10, 7 February 2010 (UTC)[reply]
• keep MoiraMoira 07:44, 7 February 2010 (UTC)[reply]
• Very good and active steward. Of course: reconfirm. --Bsadowski1 07:51, 7 February 2010 (UTC)[reply]
• Keep --Roberto Segnali all'Indiano 09:06, 7 February 2010 (UTC)[reply]
• Foundation will do what it wants, but I don't trust this user. Hégésippe | ±Θ± 09:09, 7 February 2010 (UTC)[reply]
• Quintessential. —Anonymous Dissident^Talk 09:38, 7 February 2010 (UTC)[reply]
• Good job. –Ejs-80 10:40, 7 February 2010 (UTC)[reply]
•   Keep If not he, who then?! --WizardOfOz ^talk 10:53, 7 February 2010 (UTC)[reply]
• confirm. -Barras ^talk 12:11, 7 February 2010 (UTC)[reply]
• useful, helpful... what else? :)--Nick1915 - ^{all you want} 12:28, 7 February 2010 (UTC)[reply]
• ..., versatile, always coming up with useful tools/scripts, ... --Erwin 13:50, 7 February 2010 (UTC)[reply]
•   Keep. Ruy Pugliesi^◥ 17:17, 7 February 2010 (UTC)[reply]
• OK. Marcus Cyron 17:43, 7 February 2010 (UTC)[reply]
• Done great things as a steward. Techman224^Talk 17:59, 7 February 2010 (UTC)[reply]
• helpful and friendly but please promise not to go for long wiki-breaks , when i can't find you on irc , lots my questions get unanswered --Mardetanha ^talk 18:12, 7 February 2010 (UTC)[reply]
• keep Nakor 01:50, 8 February 2010 (UTC)[reply]
• Keep. Obelix 02:23, 8 February 2010 (UTC)[reply]
• Keep.--Jusjih 04:29, 8 February 2010 (UTC)[reply]
• One of our most active stewards. Tiptoety ^talk 04:30, 8 February 2010 (UTC)[reply]
• keep, without a doubt --FiliP ██ 11:50, 8 February 2010 (UTC)[reply]
• Keep. Stefan64 16:27, 8 February 2010 (UTC)[reply]
•   Keep. Half human, half robot... one great steward - εΔω 22:38, 8 February 2010 (UTC)
• Promote to quality image. bastique ^demandez! 23:54, 8 February 2010 (UTC)[reply]
  •   Oversaturated, but maybe promote to valued image. Definitely a   Keep as it is within scope and in use at several projects. Finn Rindahl 21:49, 11 February 2010 (UTC)[reply]
• Confirmed - Mailer Diablo 00:02, 9 February 2010 (UTC)[reply]
•   Keep Favorite steward, definite keep. Razorflame 07:22, 9 February 2010 (UTC)[reply]
•   Keep Christian Giersing 14:37, 9 February 2010 (UTC)[reply]
•   Keep -   DustSpinner 22:23, 9 February 2010 (UTC)[reply]
• keep without a shadow of a doubt. oscar 00:58, 10 February 2010 (UTC)[reply]
• supported by --Sargoth 09:20, 10 February 2010 (UTC)[reply]
•   Keep Plot Spoiler 00:16, 11 February 2010 (UTC)[reply]
• tag as copyvio of shanel. —Dark ^talk 09:52, 11 February 2010 (UTC)[reply]
•   Keep--Dalibor Bosits ^© 12:07, 11 February 2010 (UTC)[reply]
• keep, in fact chain him down. In high regard billinghurst sDrewth 13:59, 11 February 2010 (UTC)[reply]
• hasn't done enough work yet... which is why we MUST keep him ! Alphos ^{[bother me]} 14:24, 11 February 2010 (UTC)[reply]
•   remove so the rest of us can do something too! ;) Laaknor 14:27, 11 February 2010 (UTC)[reply]
• mreow ! mreoooow   *javascriptally purrrrrrrrrr* DarkoNeko 23:41, 11 February 2010 (UTC)[reply]
•   Keep Thanks very much. Lymantria 12:59, 12 February 2010 (UTC)[reply]
• confirm. -Xqt 20:56, 12 February 2010 (UTC)[reply]
•   speedy: redundant image of Shanny. --Aphaia 07:09, 14 February 2010 (UTC)[reply]
•   pretty obvious. --Egmontaℨ♤ 11:15, 14 February 2010 (UTC)[reply]

I want to explicitly and strongly   reconfirm after the latest comments. Although it is obvious that Pathoschild made a mistake (I however think that before the mistake was identified, very few people would have predicted that this was actually a mistake, and indeed he was wise enough to have the page noindex'd) I find no reason for him not to be a steward anymore. Not to confirm someone is not a punishment for something they did or didn't, it's a matter of trust and I see no reason not to trust him, he is more experienced after that mistake, he acknowledges it with maturity and above all he has done a ton of work in this very matter protecting sensitive information. For me this makes him a highly trusted veteran steward that will offer much help in the future protecting sensitive personal data. --Egmontaℨ♤ 17:43, 24 February 2010 (UTC)[reply]

•   Keep --Vituzzu 18:09, 14 February 2010 (UTC)[reply]
• Keep per all the above keeps. Durova 19:53, 14 February 2010 (UTC)[reply]

  Changing to neutral per Fran Rogers and Alison. Alison's privacy ought not to have been compromised at all, and certainly should not have needed proactive followup on her part afterward. Cannot maintain support in light of that. It can overshadow a thousand superb handlings of smaller matters to make those mistakes on a matter that required law enforcement intervention. Durova 02:08, 26 February 2010 (UTC)[reply]

•   Keep -FASTILY ^(TALK) 22:08, 14 February 2010 (UTC)[reply]
• Keep — Jack Merridew 22:58, 14 February 2010 (UTC)[reply]
• Keep. We would have many problems without his active work on steward tools. --Millosh 13:43, 15 February 2010 (UTC)[reply]
• Keep. No worries, Cirt (talk) 02:47, 16 February 2010 (UTC)[reply]
• Keep. Annabel 07:52, 16 February 2010 (UTC)[reply]
• keep Clearly helps out general coordination and clear benefits to keeping as a Steward. Edit: The concerns raised concerning private information below are very serious. They seem to be a very deep problem, and while I'm still favoring keeping, I'm very close to switching to oppose. I have to strongly wonder what Pathoschild was thinking in putting this info in a publicly accessible location. JoshuaZ 01:06, 26 February 2010 (UTC)[reply]
• Keep Will Beback 09:01, 18 February 2010 (UTC)[reply]
• definitely   Keep --Stepro 04:02, 21 February 2010 (UTC)[reply]
•   Oppose. Responsible for leaking large amounts of personal information (addresses, phone numbers, ...) by maintaining lists of hidden (for a reason) SUL accounts in a now-deleted "sandbox" that's now irreversably mirrored on external sites. Stewards are entrusted with the most intimate data on Wikimedia projects; slip-ups like these are wholly unacceptable (particularly if they happen repeatedly; see below). Fran Rogers 06:02, 21 February 2010 (UTC)[reply]

  Correction: the personal information was restored; it's still there in the page history. Lovely. Fran Rogers 06:22, 21 February 2010 (UTC)[reply]

  After a discussion with Pathoschild on IRC, I found that he restored the local copies of the list on Meta by mistake on February 11. So this was not just a one-time mistake. Fran Rogers 07:42, 21 February 2010 (UTC)[reply]

  Hello Fran. I sincerely apologize for the mirrored information, which occurred due to an oversight regarding spam mirrors not retaining the __NOINDEX__ directive. Globally hidden accounts were not oversighted at the time, and I was using the list to bulk-oversight them on all wikis. I have oversighted the sandbox revisions, and am contacting the operators of the mirror domain to have the mirror updated or removed. (I do understand why you oppose my steward access.) —Pathoschild 07:49:34, 21 February 2010 (UTC)

  Unfortunately, I'm still concerned you might make another mistake like this again with private information - especially considering your restoration as recently as February 11, ten days ago, when you mistakenly restored the deleted copies of the list here on Meta. Our stewards need to treat private data with the utmost security, especially when designing and using software that manipulates that data. Fran Rogers 07:58, 21 February 2010 (UTC)[reply]

  I've also been informed of another incident in late January where Pathoschild uploaded locked-account data to the toolserver, and the personal info and defamatory claims within ended up as top results for a person's real name in Google before they contacted Pathoschild to remove it. Fran Rogers 11:08, 21 February 2010 (UTC)[reply]

•   Oppose for the same reason as Fran Rogers. harej 07:40, 21 February 2010 (UTC)[reply]
• Fran, Pathoschild StewardBot is basically the only way the stewards were able to keep up with the oversighting of such abusive usernames. You are not really accomplishing anything by opposing this request. Say he was not reconfirmed. The issue with such usernames being made available to the public would only be increased. And confirm on that basis. NW (Talk) 16:47, 21 February 2010 (UTC)[reply]

  Note: There's also a gadget for that issue: MediaWiki:Gadget-hideuser.js. —DerHexer (Talk) 16:50, 21 February 2010 (UTC)[reply]

  There is now. But you made that just six or eight months ago, I do believe. And Pathoschild's script is still far more efficient than anything else's. Plus, Fran, do you honestly believe that no steward has ever made any mistake? With the volume of work that Pathoschild does, it isn't totally unexpected for there to be a few errors. There would have been no matter who did it; that's simply human nature. NW (Talk) 16:54, 21 February 2010 (UTC)[reply]

  It was at least earlier stable than Pathoschild's one. However, both things are useful. And each steward can use the one which he prefers. So I where I can do that on my own and not by bot. But both scripts will not be anylonger needed when vvv's bugfix gets online. Kind regards, —DerHexer (Talk) 16:59, 21 February 2010 (UTC)[reply]

  NuclearWarfare, it's understandable that stewards are only human, and humans make errors. But this chain of mistakes seems to indicate that Pathoschild is irresponsible at handling data even when others ask him to be careful. He was asked to keep his lists of sensitive data off Meta because Google was picking up and prominently displaying damaging information on there; so he moved it to his wiki pathos.ca, only to be informed Google was picking it up again; so he moved it to the Toolserver, only to be informed yet again that it was ranking high in Google for persons' names. And now, less than two weeks ago, he undeleted the copy on Meta again. That is at least four strikes, after each of which he was informed of his mistakes, but he still repeats them; a professional programmer would likely be looking at termination. He just doesn't seem to understand that peoples' livelihoods and reputations could be jeopardized by his mishandling of data. Fran Rogers 04:43, 22 February 2010 (UTC)[reply]

  Some of the listed names were sensitive—which is why I moved the list to increasingly private locations—but not private. The names listed contained information taken from public sources, like the personal résumé you maintain on your personal website and indexed by Google. Furthermore, the names were available from MediaWiki itself at the time the list existed—I was using the list to remedy that problem.

  Google never indexed my sandbox page, because it contained a __NOINDEX__ directive. The problem occurred when a spam mirror copied pages from Meta, then stripped __NOINDEX__ directives to increase its page hits. The undeletion of the sandbox did not increase the list's visibility, since the revisions were deep in its edit history.

  While I am sorry that the list was indexed, and I am certainly more wary of indexing now, I do not agree that livelihoods and reputations were at risk—certainly no more than they were by their user pages being indexed (another problem only resolved relatively recently) or the original sources being indexed. —Pathoschild 05:33:24, 22 February 2010 (UTC)

  That my own information is on the lists is beside the point; while my own contact information is readily available (though I find it rather intrusive that you linked it in this discussion), there are dozens of other folks' names and contact information on that list for which this isn't the case, and I personally know of two other users this has seriously impacted. Fran Rogers 08:56, 22 February 2010 (UTC)[reply]

  Pathoschild, even setting the list issue aside, there's now the matter of you digging up links to my résumé with my home address and phone number and posting them above to prove a point (which are now thankfully oversighted). Is this really conduct becoming of a Wikimedia steward? Do you think all of the above would have supported you if they knew you were willing to do something like this? Fran Rogers 06:32, 23 February 2010 (UTC)[reply]

  Pointing to your public home page is hardly a privacy violation, especially since it (and your résumé) are the second search result for your name, and you link to it from your enwiki user page. —Pathoschild 12:18:09, 23 February 2010 (UTC)

  For what it's worth, I have a very high opinion of our stewards in general and of Pathoschild in particular -- the accomplishments and endorsements listed above are sure signs of a vibrant career as a volunteer in the WMF sphere -- but I'm also more than a little concerned by the apparent thought process that seems to have led to the posting and later restoration of what sounds like very sensitive information, and that by someone who is specifically tasked with accessing, safeguarding and protecting that very same sort of data on a regular basis. It seems like a no-brainer that we should strive to avoid publicly posting or reposting information that may have been used, or may continue to be used, in systematic harassment or outing of upstanding community members. Perhaps this can't be fully discussed in a public setting, but if it is possible to do so, I'm sure I'm not the only one who might appreciate a slightly more complete explanation of how and why that information wound up on a WMF site. – Luna Santin (talk) 10:33, 22 February 2010 (UTC)[reply]

  Hello Luna Santin. The user names listed were publicly available at the time from MediaWiki's automated lists, Toolserver tools, and some of their user pages. Many of the names had been publicly available for many months. I created a temporary, __NOINDEX__'d list of these public user names so that I could perform bulk oversight using StewardBot. Hundreds of these attack names disappeared from every wiki (and their mirrors) during this process.

  While the page never appeared in search engines due to the __NOINDEX__ directive, a problem occurred when a spam mirror website copied pages from Meta and stripped __NOINDEX__ directives to increase its search engine rankings. That mirrored page appeared in search results, and quickly led to the disappearance of the original list. Only a single page was indexed, instead of the many indexed pages that appeared before I began oversighting; I have contacted the owners of the domain to have the mirror page updated or removed.

  I do sincerely apologize for the indexing of a copy of the list due to my oversight. —Pathoschild 12:32:20, 22 February 2010 (UTC)

  The personal information about me (which is on that site and searchable through Google) was never made public willingly. I was outed on several websites after dealing with a certain banned user. Moreover, I do not agree with the way that you cavalierly refer to a list of account names like "<real name> rapes little kids." "<real name> = child molestor," "<real name> is a supporter of pedophilia," "<real name> has Asperger's syndrome," and "<real name> was abused by his Parents," which you posted to the wiki, as not having the potential to cause those individuals harm. Surely that's not what you are actually saying? Dominic 11:25, 22 February 2010 (UTC)[reply]

  Hello Dominic. Indeed, that is not what I am saying. The user names were already published by MediaWiki's automated lists and their user pages. Many of these were top search results, because of Wikimedia's high search engine ranking. (For example, some real names still match a few old mirrored user pages from those days in top results.)

  These highly visible names virtually disappeared as a result of my oversighting project; the mirrored list itself is typically so far back in search engine results that it's hidden by Google's "omitted some entries very similar to the n already displayed" feature. If all goes well, that too will disappear soon. I agree the names themselves are detrimental, and I'm sorry a mirror of the list was indexed; however, my actions greatly reduced the visibility of these names. —Pathoschild 14:02:51, 22 February 2010 (UTC)

  Most of these were one-off vandal accounts with no user pages, as you must know. They would not appear in search engines. You keep apologizing that the page was mirrored by another site without admitting that it was wrong for you to have ever posted any personal information regardless, a classic non-apology apology. You seem to be saying that there would have been no issue publicly posting the personal information if it were never indexed, even though that would mean that it would still be highly visible to Wikimedia's trolls and stalkers. I don't buy that posting these account names publicly was in any way necessary in order to suppress them. There is no reason that couldn't have been left on one's own hard drive. Dominic 20:40, 22 February 2010 (UTC)[reply]

  I recognize that the incident was poorly handled, and my apology is sincere. I would proceed differently given the choice, but that is not possible. If I respond to your comments, it is to clarify rather than justify what happened.

  The list served as a record of my actions as I proceeded, since oversighting is invisible on most wikis. As I processed usernames, they were removed from the list. The list was __NOINDEX__'d, in the obviously mistaken expectation that it would not be indexed. I felt the transparency outweighed temporary publication, since the user creations were already publicly logged by MediaWiki, and such lists were already made public by Toolserver scripts. —Pathoschild 02:44:27, 23 February 2010 (UTC)

•   Keep --Kaster 20:10, 22 February 2010 (UTC)[reply]

•   Comment - I've kept away from all the meta steward's elections/reconfirms this year, but have to comment. I really must concur with what Dominic is saying above; we have processes and policies for dealing with this stuff on enwiki, and the Oversight team works hard to ensure that defamatory usernames, etc, are redacted as quickly as possible to prevent the very problem that is being detailed here. As it is, there are two mirrored pages still up that cannot be removed - I've tried, and it's going to happen. You can see them here;

  • [link removed]
  • [link removed]

  And while I can understand how it happened, etc, this is the end result of keeping sensitive data in a place where it's publicly accessible. I contacted Pathoschild last September to point out this issue & he responded rapidly. However, I found myself having to go back again in mid-January with the exact same issue. Some of the contents of those pages relate to my full name, the full name of someone I had to report to the police, and some particularly nasty comments. Go find them yourselves :/ Either way, I'm particularly annoyed that these comments are now indefinitely on-line. It goes without saying that I'm annoyed by the perp, too, and would dearly love to name him in full here. But the failure of a steward to handle sensitive information just compounded the problem. Pathoschild has done some incredible work over the years on here - I've seen it myself countless times, but his failure to readily acknowledge the gravity of this issue concerns me greatly - Alison ^❤ 04:47, 23 February 2010 (UTC)[reply]

  Also, please tell me that this data is still not publicly indexible here, squirreled away somewhere? At the very least, encode it so it's not human-readable - Alison ^❤ 04:49, 23 February 2010 (UTC)[reply]

  Insert gratitious plug for either GnuPG or Truecrypt here. -- Avi 05:07, 23 February 2010 (UTC)[reply]

  The list is no longer public. —Pathoschild 05:10:15, 23 February 2010 (UTC)

•   Keep --LadyInGrey 03:18, 24 February 2010 (UTC)[reply]
• Keep, very helpful steward, trustworthy. − Elfix × talk (fr) 09:36, 26 February 2010 (UTC)[reply]
•   Keep EVula // talk // ☯ // 15:53, 26 February 2010 (UTC)[reply]
• I feel I must point out that Pathoschild is generally very conscious of making life difficult for vandals & trolls, and in particular dealing with vandalistic usernames requiring revision deletion. Indeed, he's been annoying me to no end by refusing to make public the source code for his StewardBot :D In light of this general awareness and his conscientious handling of such matters, I have to conclude that while posting usernames about to be oversighted on a public wiki (or any of the other locations) was clearly an error in judgment, keeping him around is a net benefit for our projects.  — Mike.lifeguard | ^@en.wb 00:12, 27 February 2010 (UTC)[reply]
•   Keep For someone so incredibly lazy, this guy is a machine and a valuable asset to the entire project. --Charitwo 04:08, 27 February 2010 (UTC)[reply]
• Confirm. In light of the mistakes, which I do not believe PC will repeat, I believe that his continued service here is worthwhile. Thank you for continuing. NonvocalScream 05:18, 27 February 2010 (UTC)[reply]
• Sure, a lot of good work (and tools). LeinaD (t) 17:36, 27 February 2010 (UTC)[reply]
•   Keep --micki ^talk 20:51, 27 February 2010 (UTC)[reply]
• Argh; the oversight log is private for a reason! That mediawiki (and wikis in general) publishes libel and private information immediately is not a feature, and it should never be used as an excuse for another person republishing the same information. It is a well known problem, and all tools which harvest data from the live logs should be concerned about contributing to & exaserbating this fundamental design problem. Still, I am confident that pathoschild is 100% part of the solution, so confirm and hope it doesn't happen again. John Vandenberg 07:27, 28 February 2010 (UTC)[reply]
• I felt comfortable this year with every single member of the team. This is true, regardless of the mere count of actions and the amount of interactions on wiki, mailing list, IRC, social networks or real life. Therefore I'd feel much more comfy if all current stewards are confirmed. --M/ 23:01, 28 February 2010 (UTC)[reply]
•   Keep --Djordjes (talk) 23:30, 28 February 2010 (UTC)[reply]
•   Keep - my only !vote this year. Yes, he's made mistakes here and there. However, he's one of the hardest-working stewards and plays a largely thankless but vital role for all the projects here. He's clearly demonstrated here that not only has he understood and acknowledged the gravity of what happened, but also took extraordinary steps to correct it. It doesn't get better than that - Alison ^❤ 03:02, 3 March 2010 (UTC)[reply]

Followup edit

I spoke with the domain registrar and site operators. The mirror has been updated to the latest revision without the list. The names should disappear entirely from search results within the week.

(Another steward has oversighted Alison's links above.) —Pathoschild 00:14:02, 03 March 2010 (UTC)

• Thank you so much for doing this. I really appreciate it. Thank you - Alison ^❤ 02:58, 3 March 2010 (UTC)[reply]