Training modules/Online harassment/Final draft

Drafts: Keeping events safe (FirstSecondFinal) • Dealing with online harassment (FirstSecondFinal)

The content below is designed to be transcluded into the training dashboard, and not to be read here.

You can take this training module on the dashboard or help to translate these training modules.

Fundamentals

Purpose of this module

edit

This module is intended to help community leaders, users with advanced rights, and groups handle community challenges around allegations of online harassment and abusive behavior. Working with such reports can be a challenging and time-consuming process. Wikimedia projects' fragmented system can mean a lack of consistent approaches to the issue between different Wikimedia projects, or even within a single project or group. Harassment cases can cause emotional strain on those reporting the abuse as well as those experiencing it, and it is often very difficult to find solutions that satisfy everyone involved.

However, helping fellow community members deal with this issue is important. The experience of feeling harassed is a deterrent to participation. Volunteers often struggle with finding assistance when they feel harassed. Supporting them, and supporting each other in supporting them, may help us avoid losing good-faith contributors who could be helping build out content for readers.

These training materials will evolve over time. Approaches to online harassment, as well as policies and tools, are an expanding area of study. [[:Training modules/Dealing_with_on line_harassment/slides/what-is-harassment]]

Basics: Why do you need to care about harassment?

edit

Online harassment has been an issue for a long time, almost since the launch of the internet itself. Areas of the internet where many people converge and communicate openly with each other – for instance, forums, multiplayer games, and social media – are particularly susceptible to it. Harassment and bullying can lead to distress and depression in people subjected to those things (pdf link). In a survey published by the Pew Research Center in 2014, almost three-quarters of adults using the internet have seen someone be harassed in some way online. Two in five have experienced it first-hand.

A culture of harassment has been one of the major criticisms of the Wikimedia community since its inception in 2001. Researchers from the Palo Alto Research Center in 2008 found that less-active editors who make two to nine edits a month were seeing their edits reverted up to three times as often than they had been in 2004. But it's not only low-volume editors who encounter harassment – long-term contributor David Shankbone wrote in 2008 that "if you become a target on Wikipedia, do not expect a supportive community."

When vulnerable types of users are targeted by harassment, this can lead to a lack of diversity in editors and a lower quality of content. When users have their privacy compromised, it is likely that their involvement with online projects like Wikipedia is greatly reduced or stops altogether.

The Trust and Safety team at the Wikimedia Foundation (shortened to "T&S") is working to improve these processes on our end, but the majority of harassment complaints will be seen by the community first. It can be complicated to deal with often complex and subtle harassment claims and cases. This module will help prepare you for the best ways to deal with them.

Basics: Some common forms of harassment on our projects

edit

Harassment comes in many shapes and sizes. Some of it is childish and may seem easy to shrug off – throwaway insults by vandals, for example. But while it can be easy for an administrator or vandalism patroller to brush this treatment aside, newcomers to the movement can be discouraged or offended by it. They might also be goaded into breaking rules by entering into petty edit wars or meeting name-calling with name-calling.

Some vandals can become focused on the pursuit of one or a group of editors. This pursuit may take subtle forms, like "wikihounding" – the practice of "stalking" someone's edits to constantly revert or oppose them. Being wikihounded can result in the editor becoming disillusioned, upset, or frustrated. Wikihounding can also lead to more general online stalking in places like email, social media, and personal blogs. Harassers may collect personal information from these sources and use the release, or threat of release, of this information to intimidate contributors.

Another form of harassment is direct threats against an editor or editors. Threats to life and limb must be considered as serious and should be referred to the Wikimedia Foundation Trust and Safety team through the emergency@wikimedia.org email address. Legal threats are not uncommon and can be used to "force" editors to delete content or censor articles. Even if these threats are not plausible, they can be distressing.

Immediate action: Blocking users

edit

Once you have been made aware of obvious harassment or threats, there are actions you may take immediately that don't require in-depth investigation. You might already be familiar with these actions, as they are fairly commonly used by local administrators or users with advanced rights.

If you are experienced with using the block tool, feel free to skip this section.

The block is one of the central tools available to administrators and those with advanced permissions. It prevents a registered user account from editing and an unregistered user from editing from a specific IP address. Blocking policies are project-specific. More information on performing blocks, and when they're appropriate, can be found on those projects.

Range blocks

edit

Range blocks, where a group or "range" of IPs are blocked, can be a powerful weapon against users moving through multiple IP addresses. However, it is also a solution with a lot of potential collateral damage. Consider consulting a fellow administrator with experience in these kinds of blocks before applying a range block for the first time, and make sure you are aware of and respect local policies about their use.

Immediate action: Revision deletion or suppression

edit

Revision deletion (sometimes shortened to "revdel" in English) is available to administrators. It is used to hide deleted content from those without administrator rights. This is a reversible action which can be a good first response to obvious attacks, even if you feel the larger issue needs to be discussed more thoroughly.

Suppression (also called oversight) is a tool that can be used to hide content even from administrators. Policies on suppression can vary a little by wiki. A global oversight policy can be found on Meta-Wiki. Of the criteria, those which most relate to harassment are:

  • Removal of non-public personal information such as phone numbers, home addresses, and workplaces or identities of pseudonymous or anonymous individuals who have not made their identity public, or of public individuals who have not made that personal information public. Users with advanced rights are encouraged to use common sense and intuition when making a call like this. Suppression can be reversed, so it is usually safest to remove when in doubt.
  • Removal of potentially libelous information on the advice of Wikimedia Foundation counsel or when the case is clear and there is no editorial reason to keep the revision.
  • Hiding of blatant attack names on automated lists and logs, where such an action does not disrupt edit histories. A blatant attack is one obviously intended to denigrate, threaten, libel, insult, or harass someone. Note that usernames are created globally by default. You can "block-suppress" locally, but it's usually best to have a Steward "lock-suppress" the account globally. (Remember that, when it comes to registered user accounts, "blocks" are local actions, but "locks" are global.)

If the harassment in question doesn't meet these criteria, it might still be revision deleted as described above. Where there's doubt, refer the case to users with "oversight" rights or stewards.

Immediate action: Cross-wiki blocking and tracking

edit

In the event that an obvious harasser is abusing someone across multiple wikis, it may be necessary to take global action. It is possible to globally lock accounts, though only stewards have this ability. They can also globally block the underlying IP address to prevent the creation of alternate accounts (known as "sockpuppets") or "sleeper" accounts.

Global sysops are users with administrator rights on more than one wiki. They can also help to keep cross-project abuse to a minimum. They can also help support projects without administrators, or with very few. However, the role of combatting global abuse is generally best left to the stewards.

The Small Wiki Monitoring Team can help to track and prevent obvious vandalism or harassment through their own methods. They might be worth contacting to help keep track of harassment on smaller wikis and may have background knowledge of problem users on those projects.

Advanced

Handling personal information: Publication of personal information

edit

"Doxing", or "outing", is usually described as the publication of personal information online, generally in order to intimidate or threaten. In some cases, this personal information is used to actively seek out and harass online users in real life. Real-life outcomes can involve someone unwelcome literally showing up at the target's door or place of employment. Unfortunately, doxing has become a common method to intimidate, harass, or punish people online.

Handling personal information: What counts as "personally identifying information"

edit

As previously covered, "personally identifying information" (often shorted to "PII" and sometimes expanded as "personally identifiable information") covers a fairly wide range of data that can be used to identify or trace a person in real life.

On Wikimedia projects, the category of PII includes information about a user such as phone numbers, home addresses, and workplaces, unless the user has chosen to publish that information on a Wikimedia project themselves. PII includes the real names of pseudonymous or anonymous individuals who have not made their identity public on a Wikimedia project. Private information about public individuals, such as addresses or phone numbers that the individual has not made public, are also considered PII. It also includes IP addresses and user agents of those who have not made this connection in the past.

Because the right to participate without giving away personal information is guaranteed in the Wikimedia Privacy Policy, it's usually advisable to be vigilant and conservative when dealing with anything that could be used to "out" an editor.

Handling personal information: Handling PII on-wiki

edit

You may be asked to handle PII that is posted in a variety of locations, deliberately or otherwise. It isn't always with malicious intent. Sometimes a person will post something about themselves on a project without realizing how public that page is. Or perhaps someone mentions a link between another user and their PII that they thought was known, but it wasn't. No matter the intentions of the person who posted it, PII that isn't willingly divulged generally needs to be handled with caution and removed and suppressed as necessary.

PII can be revealed on Wikimedia project noticeboards and talk pages, such as those used for mediation. This is not always done maliciously. Some examples of accidental publication of PII might include:

  • Someone attempting to make a link between a user and their location, their employer, or an IP address to prove a point in a debate;
  • Someone referring to another person by name (assuming the other person had not publicly linked this to their account);
  • Someone uploading an image of an event that shows another user and their name badge, thus connecting a user to their real name, or that contains the user's real name in the tags or metadata.

In all of these cases, even if no action is merited against the person who made the edits, the edits themselves should be suppressed. Refer to the "Immediate action" section of the Fundamentals module for more information.

There is also the additional possibility of articles being used in harassment of this variety. This is of particular concern when the harassment is targeting an individual with a Wikipedia article of their own. Most of the time, such targets are fairly low-profile, if notable, individuals. Most projects' policies on biographies of living people contain information on how to treat articles on people such as this. Situations involving articles such as these might include:

  • Posting home addresses or phone numbers into infoboxes or article text;
  • Inserting unsourced or false material that is controversial or purports to reveal personal details (usually where those details are excessive – details of divorces, children's dates of birth...);
  • Adding links to unreliable websites or blogs that reveal previously unpublished or unverified personal details

Be wary of treating article content issues as harassment. Undue weight given to sourced content – such as criticisms or controversies – is a different matter and ought to be handled with on-wiki discussion.

Handling personal information: Responding to posters of PII

edit

There are a few ways you can respond to those who post personally identifiable information. Policies on assuming good faith vary greatly by project, but you will generally be able to use common sense to determine whether something is done on purpose or by accident.

If the PII was posted by accident, treat the actual PII as serious, but try to communicate with the posting user as quietly as possible about why posting this type of information is not allowed. For example, a user may have posted their email address for further correspondence. Or they may have posted what they thought was a known connection between two online identities that had actually not been previously linked.

If the posting of this information was obviously deliberate, or if a seemingly accidental posting is repeated, more severe action might be needed. Cases of deliberate PII release might include an attempt to "out" another editor, perhaps to link their account to a purported employer. It could also include leaking personal emails or other communication which could be compromising.

In cases of deliberate PII release, use your judgment to decide whether a stern warning will suffice or whether a block is necessary. If you choose to use a block, be aware that you may also need to restrict the blocked user's ability to edit their talk page in order to keep them from posting the PII there.

Possibly the hardest part of dealing with the public posting of personal information is corresponding with those experiencing harassment.

Handling personal information: On-wiki steps they can take

edit

In a case like this, the first and most important step someone experiencing harassment should take is to contact oversighters directly. If oversighters don't exist on the project in question, instead contact the Wikimedia stewards through email or on IRC. ("IRC" stands for "Internet Relay Chat", and is a popular form of communication among the Wikimedia community.) This should be done as quietly as possible to avoid drawing attention to the personal information and to prevent its spread.

Administrators might wish to take action against the poster of this PII, assuming it was posted with malicious intent or is posted repeatedly.

Handling personal information: Off-wiki steps to recommend

edit

Off-wiki posting of information is much more difficult to remove than on-wiki edits. Once information is posted online, it can spread quickly and be difficult or impossible to completely remove.

It can be a good idea to contact the hosts of the website on which the leaked content has been hosted and ask them to remove it. This is especially effective when the website in question has a Trust and Safety team set up to deal with these situations. If they don't, it can be more difficult to have content removed, but it is usually possible.

If the person experiencing harassment has concerns for their safety as a result of the leak, they may contact their local law enforcement. This should ideally be done by the person experiencing the harassment themselves, as some authorities may not accept reports by a third party. The posting of personal information online may be illegal depending on where those involved are located, especially if that information is illegally obtained.

It's important to remember that, because of laws regarding charities in the United States, the Wikimedia Foundation cannot provide legal advice to Wikimedians. Legal help varies by country or area, and may be worth investigating should the harassment be serious enough.

Handling personal information: What not to do – The "Streisand effect"

edit
 
Photo by Kenneth & Gabrielle Adelman, California Coastal Records Project, www.californiacoastline.org, CC BY-SA 3.0

The "Streisand effect" is a term used to refer to cases where trying to hide something actually makes it more visible. It is named after American actress Barbra Streisand, who, with a court order, attempted to stop the media from publishing a photograph of her house. The press attention from this court order led to more people seeing and sharing the photograph.

When attempting to handle doxing claims, keep in mind things that could make the situation worse. Of course, the number one priority should be ensuring the information leak is contained and doesn't spread any further.

  • If you are not an oversighter, and cannot deal with this information right away, don't explicitly link to it in public. This includes on IRC and on administrative noticeboards. Doing so increases the chances of bad actors copying the information and leaking it in the future. Instead, contact an oversighter or oversighters directly, by email or on IRC. If the leak was on a wiki that doesn't have oversighters, contact a steward instead.
  • If suppressing PII will require hiding many revisions, be aware that this will look strange and can look suspicious. There is every chance that such an action will raise suspicion and that the reason for the suppression might be questioned. Be sure to clarify this risk with the reporter and ensure they are willing to take the potential extra scrutiny.

"Off-wiki" harassment

edit

The Wikimedia projects' low tolerance for harassing behavior sometimes leads people to take Wikimedia-related harassment to other platforms and websites. This often, but not always, occurs after a Wikimedia account has been blocked; less commonly, a user in good standing will go off-wiki to target an opponent in the belief that doing this off-wiki means they cannot get in trouble on-wiki. Off-wiki harassment is among the most difficult types of harassment to deal with because local administrators and users with advanced rights cannot directly stop or remove the harassment.

Often, helping a harassment target with off-wiki harassment means educating yourself on the policies and procedures of the site where the harassment occurs, so that you can help the person figure out what options are available to them. Some websites have good procedures to help people remove harassing comments or images, while others may expressly ignore the problem.

Off-wiki harassment: Forms it can take

edit

There are a number of different forms off-wiki harassment might take, including but not limited to:

  • Doxing – publishing personally identifying information about another user.
  • Impersonating users – pretending to be somebody else, and carrying out behavior that would embarrass or harm the target.
  • Brigading – advertising at an off-wiki venue for other users to come to Wikipedia and attack or revert other users.
  • "Revenge porn" (real or forged) – this may involve publishing actual photos of someone in sexual situations, or the forging of such images.
  • Phone calls or emails directed at a specific user – a harasser may use these communication venues to intimidate, issue threats, or carry out sexual harassment. Even in a situation where a harasser themselves doesn’t do these things, publicizing someone’s phone number increases the chances they will receive things like “prank” phone calls.
  • Phone calls or emails directed at a specific user's family or job – often used to make negative accusations about someone, or to intimidate them by showing they can access loved ones. This type of intimidation can be particularly frightening.

Off-wiki harassment: Investigating reports

edit

When you receive a complaint about off-wiki harassment, it may or may not say who the reporting party believes the perpetrator is. If it does include such an allegation, your first priority should be to verify, if possible, this claim: is the Wikipedia user actually the same user as whoever is doing the off-wiki harassment? A user in distress may not be a reliable judge. It is always possible for a malicious third party to be carrying out an impersonation that victimizes both the alleged target and the alleged perpetrator, or for someone to take advantage of our system to target a good faith user they disagree with.

Verifying the identity of the harasser may be a simple task, or it may be essentially impossible. It is your team's or community's responsibility to determine what amount and type of evidence is adequate to take action. In general, you should remember that a wiki is not a court of law, and your team has been entrusted with your advanced rights because your community trusts you to make good decisions.

Some ways you may be able to investigate the identity of the harasser include:

  • Comparing the off-wiki perpetrator's interests or writing style with the alleged on-wiki user
  • Using search engines to try to connect the off-wiki perpetrator's username on that site with the details of a Wikipedia account
  • Checking to see if the Wikipedia username has ever mentioned the other account being theirs anywhere on-wiki (the reverse, where the off-wiki account identifies itself off-wiki as a Wikipedia account, is not verification of the linkage.)

Some ways your team may be able to request more information about the identity of the harasser from outside parties include:

  • Reaching out to the off-wiki site's Trust and Safety team for assistance
  • Filing a complaint with the perpetrator's ISP, if it is identifiable
  • In extreme cases, a legal representative may be able to subpoena information about the perpetrator

In all cases, you must remember that there is a difference between investigating a harasser and doxing someone. Rarely will you need to find actual personal information about the harasser; most of the time you will simply be trying to find a link between one account and another. Even in cases where real-life identity becomes relevant, it is your obligation to not do more research than you must, and to think carefully about how to store such information.

Off-wiki harassment: How to request takedown of content on other social media

edit

Most social media websites (for instance, Reddit) have, for their own legal protection, explicit policies about when and how they will remove ("takedown") content that infringes their terms of use or violates the law. Similarly, they will usually have guidelines that determine whether certain behavior or content is desirable.

Where harassment is taking place on external websites, it can be possible to request intervention from these websites themselves. Many of the major social media networks now have Trust and Safety teams, though the existence of and best practices for these teams are often quite new. As a result, many of these teams are still trying to firm up policies and procedures for dealing with cases, and may not have a definite, immediate response to give to a complaint. That having been said, most trust & safety teams care about protecting their users and are receptive to complaints about these issues.

Some websites have streamlined the process of requesting content be taken down; for instance, Facebook allows users to report problematic content of many types with a button and Twitter accepts reports of copyright violations via an online form.

Off-wiki harassment: Assistance you can offer

edit

Protecting their personal information

edit

For a more extensive list of ideas, see RAINN's list

A user who has been doxed or threatened off-wiki will often be extremely concerned about their personal safety, given that the perpetrator has such information about their life. While you cannot directly protect a user's information or safety, there are some resources you can direct them to about how to protect their information:

  • They should verify, and potentially tighten, their social media privacy settings. Most of these websites offer a help page or wizard to help users choose what privacy settings work best for them. For instance, here is a guide to Facebook's privacy settings
  • They may want to request removal of their personal information from "people search" websites. In some countries, personal details such as names, addresses, and phone numbers are considered public information, and for-profit websites gather and package this information for re-sale. Most such websites include an "opt-out" method for people who do not want their information shared this way, but those methods are not always easy to locate. A "how to" guide like this one may help a user have their information taken down.

Securing their accounts on other sites

edit

When a user reports that an account they own has been compromised, or "hacked", you can suggest some important steps they should take immediately:

  • Ask the user to check their password security. It is usually a simple matter for the user to reset their password for the compromised account, and they should be sure to do the same for any other online accounts for which they have used the same, or a related, password.
  • Contact the administration or Trust and Safety team of the website their account was compromised on, if it has been. These teams can often secure or restore an account with the tools available to them.
  • Consider enabling two-factor authentication on sites where it is available. This service will mean that even if someone has their username and password, they will still not be able to access their account without the second "factor". This process usually involves linking an account to a mobile device.

Image-based problems

edit

In some cases, users can be the targets of harassment involving images. This can come in many forms, but all have the potential to be upsetting or intimidating. Some examples of how images might be used to harass a user include:

  • An attendee of a Wikimedia event being photographed without their consent, with the resulting photographs posted to Wikimedia Commons or a sister project;
  • Sending them offensive or otherwise shocking images;
  • Editing an existing photograph of the user;
  • Using a user's image to illustrate an article that has negative connotations

Image-based problems: How and when to get an image deleted

edit

Getting an image deleted can be a complicated process. The most important aspect to consider is whether the image actually breaks any rules. Sometimes the image itself isn't causing the issue, but the harasser is using it maliciously. Commons has some shocking images and images that might cause distress to users. This by itself is not normally a reason to have them deleted.

A common form of image-based harassment is the posting of images taken of volunteers without their consent. At events, there are usually precautions taken to ensure those who do not wish to have their images taken are not photographed. This is usually done with stickers or lanyards. In some circumstances, these may be ignored – maliciously or otherwise – by photographers or camera operators at events. It can be distressing to have a photograph linked to a username, especially if the link wasn't apparent before. It's also treated as a form of personally identifying information on the projects.

Note that images used to harass users are often posted "off-wiki". Learn more about dealing with harassment taking place on external websites.

Image-based problems: Wikimedia Commons versus local projects

edit

Most images found on our projects are hosted on Wikimedia Commons. You can identify if an image is hosted there, rather than on a local Wikimedia project, by the appearance of the "View on Commons" tab along the top of the page. There will also be a note just below the image stating that the file is accessible on Commons.

Wikimedia Commons has a guideline around images of identifiable people which can be useful in situations like this. It states: "The subject's consent is usually needed for publishing a photograph of an identifiable individual taken in a private place, and Commons expects this even if local laws do not require it."

Wikimedia events are usually considered private places. This can be less obvious if the event is held somewhere that is normally open to the public, like a library or a university. A well-run event will have either something to sign if you are okay with photographs being taken or, more commonly, stickers or lanyards to indicate you are not comfortable being in photographs.

Even in public places, country-specific rules exist on consent. These rules can be complicated, and not all are legally binding. Check whether or not the country in which the offending photograph was taken is covered by a rule such as this.

"Selfies" or other images of editors which are uploaded by themselves are fairly common on Wikimedia Commons. Of course, while these are usually fine, users should be aware that images of themselves have the potential to be abused.

Images hosted on local projects are processed slightly differently. Policies on this tend to vary by project. On most, the unauthorized posting of someone's photograph counts as the release of personally identifying information.

Image-based problems: Images involving minors

edit

Where there is a suspicion that an image might contain child abuse or child pornography, please immediately report it to the Wikimedia Foundation through legal-reports@wikimedia.org to alert the Trust and Safety team. Include a URL link to it so that it can be reviewed quickly. Even though situations like this are rare, the material must be reviewed promptly – having all relevant information available at first contact helps speed things up substantially. The Trust and Safety team at the Wikimedia Foundation is tasked with reporting and otherwise handling such images.

Even if there's no obvious abuse or suggestion of pornography involved with an image of a minor, it can still be upsetting. There currently is no hard rule regarding the treatment of images of younger editors, uploaded by themselves or by others. Generally, it is best to use your common sense – would this image be harmful if it remained? Is this image within the scope of Wikimedia Commons?

edit

This module will periodically present you with multiple-choice questions you can use to test your knowledge of the module you are studying. While more than one of the suggested answers may seem suitable, remember that you should try to pick the most suitable of the options.

An editor who edits under the pseudonym User:K is known to edit controversial articles on the Chinese Wikipedia, including articles about Hong Kong's past as a British colony. The edits they make there are arguably in a pro-British style. They are routinely involved in brief edit wars and heated discussions related to these edits, but their conduct has never been deemed serious enough for the community to sanction them.

Now, however, User:K has discovered that a photograph of them has been stolen from their social media account and used to illustrate parody articles on a pro-China Wikipedia fork (split-off site). It's not immediately clear who has done this, but User:K suspects it is the fault of pro-China User:L, with whom he has argued many times in the past.

Test yourself!
Do you...
  1. Advise User:K to create an account on the Wikipedia fork and remove it from the offending article himself. Provide User:K with guidance on maximizing their security and privacy on external websites to prevent this from happening again in the future. (click to expand or collapse)
    This answer might be useful if User:K is willing to get involved with such a community, though it seems likely to make the situation worse.
  2. Advise User:K to contact the Wikipedia fork to request the removal of their image directly, and recommend they look into legal action against the offending site if they don’t agree to remove it. Provide User:K with guidance on security and privacy on external websites to prevent this from happening again in the future. (click to expand or collapse)
    Well done! This situation is difficult, though this the most effective of these actions. This allows the website (which may not otherwise be aware that the image is hosted by them) a chance to remove it or open discussions to begin that process. There may also be local laws which protect the privacy of User:K which the sharing of this image is breaking.
  3. Block User:L immediately, as it's obvious they are the one involved with posting this image on external websites. Provide User:K with guidance on maximizing their security and privacy on external websites to prevent this from happening again in the future. (click to expand or collapse)
    There is not much to be gained from this answer, since while it is possible User:L is involved there's no real way of knowing if that's true. Blocking without process in this instance makes little sense.
  4. Provide User:K with guidance on maximizing their security and privacy on external websites to prevent this from happening again in the future, but otherwise take no action. (click to expand or collapse)
    To do nothing at all may not actually not as bad as it may sound – there is every chance the "fork" isn't widely read, and intervening may just make things worse further down the line. Though there is a better answer which may help in this situation.

(Discuss this question)
Communication

Communication: Communication style

edit

Appropriate communication with a harassment reporter should focus on two areas: first, appropriate communication style, and second, appropriate information and expectation sharing.

One of the most important things to remember when you are communicating with someone who reports suffering harassment is that harassment is, by design, intended to intimidate and upset. As a result, you will likely be addressing someone who is frightened, angry, hurt, or a combination of all three. Reporters may be worried that they will receive a dismissive response. Whatever the merits of the report itself, you can go a long way toward making the reporter feel safer than they may have feared simply by approaching it, and the reporter, with empathy.

Your goal in empathetic communication is to signal to the reporter that you understand that this is a stressful or frightening situation for them.

Some ways to communicate empathy will involve your choice of words and phrases. Try to use language that approaches the report with concern and attention, like:

  • "I understand" or "Could you help me understand" – Let the reporter know that you are not just reading the words they wrote, but rather are truly trying to grasp the situation. If the initial report is clear and thorough, show them that you understand their situation. If you need to ask questions to get a handle on the situation, ask them in a way that communicates "seeking to understand" rather than skepticism or doubt about the report.
  • "That must be (frightening/hurtful/upsetting)" or "I see that you are (frightened/hurt/upset)" – Active listening is an important skill in these situations. Your communications to the reporting user should indicate that you understand why they felt it necessary to reach out to you.

Avoid using words and phrases that indicate skepticism or disinterest, like:

  • "I disagree" – Remember that they are reporting the situation to you as they understand it. Negative assertions and disagreement won't help you understand the situation better, and may lead the reporter to believe you are not here to help.
  • "Nothing we can do" – There certainly will be cases where you cannot take action. However, there is a difference between saying "nothing I can do", and offering advice or alternative routes forward. Even if a situation does not call for administrative attention, you may be able to help the reporter with suggestions of other venues, new communication strategies, or referrals to support organizations.
  • "The person accused of harassment has a good reputation" – Sometimes harassers have a good reputation on their project, which can act as a social "shield". Do not offer opinions on the person accused of harassment. Instead, focus on the reported behavior or actions.

Communication: Sharing information and managing expectations

edit

Though your communications to the reporter should be empathetic, as described above, remember that the investigation is your responsibility. For the privacy and safety of all parties, it is neither desirable nor appropriate to actively involve the reporter or the target in the actual investigation or communications about the investigation. You should, of course, make sure you have the full details of their complaint, and be prepared to set reasonable expectations about what information they will receive and when they will receive it.

  • Offer the target or reporter a timeline. Your goal should be to let them know what to expect. While you will never be able to promise a certain result or a certain closure date, you should be able to give them a sense of the projected progress of their investigation. Consider whether you can offer the reporter a "check-in" date.
  • Alert them to any substantial delays that may alter the timeline you offered. Remember that while, for you, this may be one of a dozen active cases, for the reporter it is likely a much higher (and more emotional) priority. Sudden, unexpected silence or lack of apparent progress may feel alarming to them.
  • Contact users in a timely manner to request any additional information your investigation requires. Particularly when an investigation involves multiple people, small delays can compound – try not to add to that by putting off simple steps like asking an important question.

Do not:

edit
  • Overshare. Again, this will be an emotional situation for the target, and you may be tempted to err on the side of giving them as much information as you can. Remember, though, that the parties involved in the case are not neutral or confidential parties. An alleged harasser does not lose their right to privacy simply by being reported.
  • Make promises you may not be able to keep. While you may wish to reassure a targeted user with "I promise we will stop this behavior" or "You will have an answer by Tuesday", such a reassurance will backfire if you are unable to follow through. Know your limits, both in time and in your role.

Communication: Keeping yourself safe

edit

Protecting your personal information

edit

People who work on harassment complaints can become targets themselves and have their names and communications spread on the internet. When communicating with both the reporting party and the accused, use some simple rules to protect yourself.

  • Realize that anything you write may be shared or "leaked" publicly. Think about how your words could be taken out of context, or used against you, as you write.
  • For communications regarding your Wikimedia role, consider using a separate email address, one that does not give personal details in the address name.
  • Do not give personal details in your communications. Sometimes it is tempting to give personal experiences to show you empathize with someone suffering harassment (e.g. "I saw a very similar situation when I worked at my campus help center in Mumbai"), but you need to protect your own privacy.
  • Consider using a VPN or other tools to help protect your web identity, particularly when investigating through avenues which might track your activity.

Protecting your emotional well-being

edit

Try to remember that while empathy is valuable, over-empathizing with a case can make things more difficult for both you and the people you are trying to help. If you connect too closely with the reporter, they may develop unrealistic expectations about what you can provide. You also risk exposing yourself to "secondary trauma", where you begin to experience the same negative effects as targets do. This will limit your ability to help people long-term and could lead to recurring psychological problems in the future.

Be realistic with yourself about what you can and cannot do, and realize that some distance and barriers will help you perform your role better. You can't solve all problems by yourself!

Providing support and advice

edit

It's natural for you to want to offer as much help and support as you can to a person who is being harassed, but you must keep in mind that your skills and tools do not necessarily encompass all types of help and support that a target may need. At times, there will be advice you simply cannot offer, either because doing so may inadvertently harm the person you are trying to help or because it would be more useful to refer the person to someone more qualified to offer that support.

Before we go into types of support, remember: you should never feel obligated to counsel or advise harassment targets if you are not comfortable doing so. Your mental health and safety are as important as those of anyone else. It is much better for you to pass off a case to someone more equipped to handle it than for you to burn out trying to do it all yourself.

Providing support and advice: Actionable and non-actionable cases

edit

As someone investigating a harassment case, you are also the person best positioned to take concrete action to stop the harassment – when doing so is possible and called for. When a case is closed or a sanction put in place, you should let the target and, if appropriate, the reporter know that action has been taken. Try not to make this communication emotional. Your goal is simply to let them know what has happened.

For cases in which you can't take action, the most important part of offering support to those experiencing is something you've already read about in this module: empathy. Your goal should be to communicate to the user that you understand their feelings and that you are approaching the situation with those feelings in mind. Even in cases where you can offer no concrete action, providing emotional support can still help the user experiencing harassment feel safer. Your communications should balance honesty with sensitivity. However, being overly blunt or protective can lessen the effectiveness of your communications.

Providing support and advice: Malicious or mistaken reports

edit

A situation where a report was made to you in bad faith or with significant, compromising errors can be one of the hardest to address. You will be dealing with an alleged harasser who is defensive, anxious, and impatient as well as a reporter who is likely to be pushing hard for action and reluctant to reconsider their views. The key in many of these situations is to carry out communication without judgment. When talking to a mistaken reporter, remember that if they believe that they were harassed – whether you believe they were or not – you can still offer links to support venues like RAINN or the Victim Connect Helpline. Support venues exist for support in other languages.

When you speak to the accused subject of a mistaken or malicious report, keep in mind that you are delivering positive news to them. They are not in trouble, and you know they didn't do anything wrong. That doesn't mean you should communicate emotionally, however – you are a neutral, evaluative party, not a friend congratulating them on being vindicated or a prosecutor going into detail about the other party's guilt. Repeated malicious reports are a problem that should be communicated to others who may be receiving reports from the same reporter. Knowledge should be shared so that time is not wasted on evaluating reports without basis. People intentionally abusing reporting systems may need to be sanctioned, and this behavior can constitute a form of harassment itself.

Providing support and advice: What kind of support can the Wikimedia Foundation offer?

edit

The Wikimedia Foundation's Support and Safety team ("SuSa") is always available as a resource to both you and harassment targets. However, while SuSa is always happy to provide advice, it can only take action in the most severe of cases. This can include cases where a community has already taken unsuccessful steps to resolve the harassment or cases of harassment serious enough that the community cannot resolve it themselves. Here are a few types of help the Wikimedia Foundation can offer:

  • Emergencies: If a threat to someone's real-life safety has been made on a Wikimedia project (for instance, a harasser threatening to find someone's home and hurt them), you should immediately report that threat (including diffs) to the Support & Safety team's emergency email hotline (emergency@wikimedia.org). While the Support & Safety team is multilingual and will do their best to handle reports in any language, you may feel that it would be more useful to reach out directly to your or the target's local authorities. We encourage you to do so – especially in combination with reporting to SuSa. This hotline is monitored 24 hours a day, and the staff who monitor it are able to quickly pass such situations on to law enforcement or others who can help ensure the safety of the threatened person.
  • Terms of Use violations: Though many activities that violate Wikimedia's Terms of Use can be and usually are handled by local communities (for instance, undisclosed paid editing), the Wikimedia Foundation is the primary line of defence between communities and more severe violations such as threats, privacy violations, and injection of malicious software. In these cases, and when the situation is not a safety emergency that should go through the "Emergency hotline", you should reach out to the Support & Safety team at ca@wikimedia.org with details of the case. SuSa will review the situation and pursue appropriate solutions.
    • Please note: If you pass an investigation to the Wikimedia Foundation, you will not be given details of their subsequent investigation. While the Support & Safety team will try to keep you informed of the status of the case, investigation details are considered confidential.
  • Target support: The Support & Safety team exists to assist and protect our users, and team members are available to offer support to targets of harassment. In the past this has included things like providing letters of good standing for harassment targets to give to employers who are receiving negative contact about them, connecting targets to non-Wikimedia resources that may help them, and simply being a sympathetic ear. If you feel actions of this type are needed in a case, please direct the person who needs assistance to ca@wikimedia.org.
    • Please note, however, that Wikimedia Foundation staff are neither social workers nor trained mental health professionals. For the safety of all involved, staff cannot provide counseling or emotional support, though they can direct community members in need to other available resources for these things.
  • Legal support: The Wikimedia Foundation's Legal staff, under United States ethics guidelines, cannot offer legal advice to individual community members. However, when an eligible community member is the subject of a legal threat or lawsuit, the Wikimedia Foundation's Legal Fees Assistance Program may be able to help them locate and pay for their own counsel. In these situations, please contact the Legal team directly at legal@wikimedia.org.

Providing support and advice: What kind of non-Wikimedia support can you direct someone to?

edit

You will have noticed in the above sections that due to privacy, safety, and legal concerns, there are significant limitations to the types of assistance that community members and the Wikimedia Foundation can provide to users being targeted by harassment. This does not mean, however, that there is no help you can offer to those in need of types of assistance you and the WMF cannot provide; you are free to use your judgment in referring those in need of further assistance to organizations and resources that can offer that help! The following examples are by no means exhaustive; for a more detailed listing of resources, see the Support & Safety Resource List.

Support you should not offer: Mental health counseling

edit

There are some types of support and advice that you should not attempt to give to users. These include mental health counseling and legal advice, both of which should only be given by trained and qualified professionals.

If you handle harassment cases, you will be dealing with people in various levels of mental distress. Most people understand that users with advanced rights are not psychology professionals and will not expect you to provide counseling, but in cases where someone is in crisis or where you feel the appropriate mental health advice is obvious, it can be tempting to offer it – please don't.

Why shouldn't you offer counseling, even in a case where the person needs it or you believe you know what to do? For more than one reason:

  • Boundaries: As someone handling a harassment issue, your community expects you to act in a neutral, investigatory manner. Reaching past that role to counsel an involved user risks confusing them – "is this person an investigator or my friend/advisor?" – and overstepping the trust your community gave you.
  • Not dividing your energy: You hold advanced rights in your community because your community felt you had expertise in the skills that role calls for: discretion, knowledge of IP address technology, good judgment in resolving disputes, and so on. Even if you think advice beyond your role could be useful, remember that you are of most use to someone in a harassment situation by using the skills the community asked you to use; try not to get sidetracked by trying to offer other services as well.
  • Safety of the user: Unless you are a trained mental health professional, you simply cannot know the appropriate way to treat or counsel someone in a mental health crisis. Trying to do so without the necessary expertise means that, if you make a wrong treatment decision, you could inadvertently harm the person you are trying to help. In the case of mental health and crisis counseling, this kind of mistake could lead to a person in crises becoming even more upset, or causing a non-life-threatening situation to escalate into a life-threatening crisis.
  • Liability: By representing yourself as someone able to provide mental health advice, you could be violating laws in many places that govern who may give medical treatment. If such a law applies to you, you could be held legally responsible for negative repercussions from the advice you provided. Professional providers have insurance to protect them in this situation; you likely do not.

To sum up: In a harassment situation, it is in everyone's best interests for you to focus on assisting with your community and project expertise, not as a mental health counselor. You may optionally wish to suggest to a user who asks for counseling that they reach out to an organization like the National Association for Mental Illness (NAMI) (US only), which can help those in need find mental health treatment and resources. You can also provide links to a resource directory such as the Metafilter "There is help" page (international). You are not obligated to do so if you are not comfortable.

If you believe a situation is an emergency where the target or someone else is in immediate physical danger, you should contact emergency@wikimedia.org or local authorities immediately.

edit

If you handle harassment cases, you will almost certainly eventually encounter one in which legal concerns come up. Perhaps a target will want to know if they can issue a DMCA to force another website to take down images of them; perhaps the harassment someone reports to you will be in the form of "I will sue you" legal threats; perhaps a target will ask whether they should pursue legal action against the harasser.

As with mental health issues, it can be tempting to offer a victim with legal questions or needs whatever level of advice you feel you can. Please don't. Why? Many of the reasons are similar to the reasons you should not offer mental health counseling:

  • Boundaries: see mental health counseling
  • Not dividing your energy: see mental health counseling
  • Best interests of the target or reporter: Though giving poor legal advice is less likely to lead to physical harm than giving poor mental health counseling, the damage it can do is nonetheless significant. Being given incorrect legal advice could lead them to take (or not take) legal actions that are not easily reversible; it could even lead to a target putting themselves in a situation where a harasser has grounds to file a legal case against their target.
  • Liability: In some countries, including the United States, it is illegal to carry out the unauthorized practice of law, which includes activities like "providing information about what actions to take or giving advice to someone that is specifically tailored to an individual's unique situation, under the guise of being a lawyer or person experienced in the law." Breaking laws of this type puts you in legal jeopardy of your own – you could be fined or imprisoned.

If someone involved in a harassment case asks for legal advice, you should explain to them that you cannot offer advice of that type. If you know of a resource that can connect targets to qualified legal assistance, you may wish to offer it, but you are not obligated to do so and if you are uncomfortable for any reason, you may choose to simply explain to the target that you cannot provide such assistance. Linked below are two resources that allow a target to search for legal aid by area, crime type, and other requirements:

Test yourself: Offering support and resources

edit

This module will periodically present you with multiple-choice questions you can use to test your knowledge of the module you are studying. While more than one of the suggested answers may seem suitable, remember that you should try to pick the most suitable of the options.

You have just concluded a harassment investigation reported to you by a user targeted by harassment, User A. User A received "prank" phone calls from someone who claimed to be another Wikimedian, User B, but you have been unable to either verify or refute the alleged identity of the harasser, though it seems likely that B is the culprit. User A has not been subjected to any harassment on Wikimedia projects, and since the phone call behavior does not rise to a level of threat that would call for reporting it to the Wikimedia Foundation or the local police, you have reached the conclusion that there are no actions you can take that will resolve the situation.

Test yourself!
What should your reply to User A look like?
  1. Hello A, My team have been unable to verify that User B is the person who called your phone number, and as a result, we are declining your request for action against B and closing this file with no action. Please feel free to reach back out to us if you have any new evidence in the future. If you feel that your personal safety is threatened, in this situation or any other, please don't hesitate to contact your local authorities and/or the Wikimedia Foundation Emergency email team. (click to expand or collapse)
    This answer, while not entirely unsuitable, is overly terse and may make the victim feel that you do not believe their report. It also does not provide any recommendations to the victim of where they can reach out for further help.
  2. Hi A, It doesn't look like there's any proof that User B called you, and he denies it. We consider this matter closed since we were unable to verify your report. Please do not bring these allegations against User B up on-wiki, since they are unverifiable and would be considered harassment against B. I suggest that if you want to resolve the situation, you contact B directly to discuss it. (click to expand or collapse)
    This is not a good option because it not only may leave the victim with the impression that you do not believe them, but also threatens them if they seek further help. While it is true that a victim who reacts by persecuting their alleged harasser would be a behavioral issue, this case outcome email is not the appropriate place to bring it up, especially if you do not have specific reason to think the victim will do this. If you do have reason to think the victim might do it, there are better ways to make the point without sounding threatening.
  3. Hello A, I wanted to let you know that my team has finished our investigation into the report you sent us. Though we conducted a thorough investigation, my team can only act in cases where we are able to definitively prove the identity of the harasser and take actions on-wiki to stop the harassment, and those were not possible in this case. I apologize for what I know is an unsatisfying conclusion to the case for you, and I encourage you to reach back out to me or any other local user with advanced rights in the future if you experience further harassment or need assistance. I would also like to offer you a few other resources in case you find them useful:

    • Most importantly, if at any time you feel that your personal safety is threatened, in this situation or any other, please don't hesitate to contact your local authorities and/or the Wikimedia Foundation Emergency email team.
    • You may wish to reach out to off-wiki resources for either emotional or logistical support in dealing with this situation. Some really great hotlines and service organizations, most of which do not charge for the help they offer, are listed at http://mefiwiki.com/wiki/ThereIsHelp
    • If you would like to try something proactive about harassment against Wikimedians, next month the Wikimedia Foundation is going to be running a round of grant applications centered around preventing harassment on its projects. Applications will be accepted at [example page name]; you would be welcome there to suggest projects or discuss other people's projects. (click to expand or collapse)
  4. Well done! This answer makes a non-judgmental statement of the case's outcome, acknowledges the feelings of the victim, and offers them further non-Wikimedia resources.
  • Hello A, I am sorry to tell you that we are not going to be able to take any action to help you in this situation. Please understand that this does not mean that we don't believe your report, or that we are declaring people "innocent" or "guilty" in this situation. To the contrary, I personally am convinced that B is the person who placed those phone calls to you, and I will be keeping an eye on B's behavior in the future. However, since we couldn't definitively link B to the phone number that called you, there is not much we can do in this case.

    • In addition, I want to let you know that the Wikimedia Foundation is going to be running a round of grant applications next month centered around preventing harassment on its projects. That could be your chance to get the community to do something about the kind of behavior you experienced. You may also wish to reach out to off-wiki resources for either emotional or logistical support in dealing with this situation. Some really great hotlines and service organizations, most of which do not charge for the help they offer, are listed at http://mefiwiki.com/wiki/ThereIsHelp
    • Lastly, if at any time you feel that your personal safety is threatened, in this situation or any other, please don't hesitate to contact your local authorities and/or the Wikimedia Foundation Emergency email team. (click to expand or collapse)
  • This is a good answer, and is on the right track for a response to an upset victim, in that it expresses no judgment about the validity of the case and offers further resources. However, this response goes too far in sharing your personal feelings about user:B's guilt and urging user:A to get involved in a round of Grants specifically to advocate for their particular situation.


    (Discuss this question)

    Handling reports

    Handling reports

    edit

    Reporting harassment publicly, or even privately, is a difficult thing for many to do. It's natural to feel uncomfortable accusing someone of harassing you or someone you know, especially when the person in question is powerful. It's possible also that the harassment is subtle and easily deniable. When people submit reports to you, they may be afraid that you may simply not take them seriously or that, even if you do, you won't care.

    When you or your team receives a request, bear in mind that it may have taken a great deal of courage and caused a lot of anxiety to the reporter. Treat every claim as serious, even if its tone seems bombastic or overwrought.

    Handling reports: What makes a good reply

    edit

    The best thing you can do with a claim of harassment is to respond to it actively – even if there is nothing you or your team can do about it.

    • Be prompt: This is arguably the key aspect to an initial response. Don't leave reporters waiting for a reply that may or may not ever come. If you are able to action the complaint immediately, do so and let the reporter know. If the case is complex and you cannot immediately offer a substantive response, let the reporter know in the meantime that you have received their message and will be investigating.
    • Be empathetic: Assume the report is genuine – at the very least, assume it is something that has genuinely distressed the reporting party. Respond kindly, letting the reporter know your team will look into it. Try to avoid boilerplate replies where possible – make it clear that you are responding to their specific situation and that you are responding as another human being.
    • Give concrete timing information, and stick to it: Where possible, give estimates to the reporter on how long things will take to get moving. Be sure to allow yourself plenty of time in these timing estimates; things can come up, and delays can happen – this is not your full-time job, and you are not expected to be able to drop everything when a case comes up.
    • Be informative: This one is difficult, especially if the report came in privately. Being informative doesn't always mean being public or detailed; however, it's usually a good idea to at least keep the reporter up-to-date about the status of your investigations. Follow up with more emails as appropriate as the case goes on.
    • Ask for updates: Let the reporter know that they should forward new developments to you as they occur. If you feel that you need more information to complete your investigation, reach out to the reporter to ask for it.

    Test yourself: Writing a good reply

    edit

    An editor has written to you saying that another editor has revealed personal information about them on-wiki in an attempt to intimidate them from working on an article about a contentious subject. They have supplied a link to a diff. Before investigating further, you want to acknowledge the report. Should you write:

    Test yourself!
    What should your reply to User A look like?
    1. "Hello, looks like the person you reported definitely screwed up, so this one should be no problem. I'll probably revdel and block when I have time if that's what's needed." (click to expand or collapse)
      This answer is too casual, gives only a vague timeline, and promises action before the investigation has happened.
    2. "Hello, I'm sorry to hear about this issue. I will take a look and will update you on our investigation by the end of the week. If there are edits that need to be removed from public view to protect your safety, we will work to have them hidden as soon as possible. If you feel your personal safety is in danger, please contact your local law enforcement. Please update me if there are new problems that come up." (click to expand or collapse)
      Well done! This is the best response out of this group. It is empathetic, gives a specific timeline, offers a potential solution without committing to it, and asks for further updates.
    3. "Hello, from a quick look, it's unlikely that we'll be able to do anything. But we'll look anyway." (click to expand or collapse)
      This answer offers no empathy, and makes a pre-judgement on the case before it has been investigated.
    4. "Hello, I'm sorry to hear about this issue. It's clear that it has upset you, but there is no need to worry; since I have verified the diff you sent as problematic, we will immediately deal with the edit." (click to expand or collapse)
      This response is vague, promises a fast response before investigation, and states a fact that may not be true.

    (Discuss this question)

    Handling reports: What to do with third-party reports

    edit

    Sometimes, you will receive reports that are not from the target of harassment. For instance, someone might observe harassment occurring against someone else which they feel is serious enough to report on the other person's behalf. When investigating these situations, a good first step is to privately contact the person who is the reported target. Their opinions and any background they can provide will be valuable.

    Remember, however, that your investigation and any outcomes will usually not be decided by the wishes of the targeted user. The reported problem may represent a threat to other users and the community at large and may need to be investigated whether the target desires that approach or not. In these cases, however, it important to conduct your investigation in a way that respects the target's privacy – some targets of harassment may fear retribution if they are identified as the reporting or targeted party.

    Handling reports: Replying to non-actionable reports

    edit

    When a report is non-actionable or contains inaccuracies, it can be tempting to just ignore it or dash off an abrupt "nothing we can do here" reply. Remember, though, that the reporter – for reasons stated earlier in this module – may have put a great deal of emotional effort into putting the report together. So, how do you respond to these kinds of reports?

    The key here is to be empathetic. Sympathize with the reporter. Use soft language where possible, even if the reporter hasn't. If there really is nothing that can be done, and this is confirmed through an investigation, let them know. Give some potential next steps for the reporter. Your target here is to make sure they have at least some way forward, though it may not be totally possible to completely satisfy them with your response.

    It's also important to remember that the person who was reported in a non-actionable report may also be upset by the report. This doesn't mean the report was in poor faith; it may be a misunderstanding, or a genuine overreaction. Offer and provide advice to the person reported as well, whether that be cooling an editing conflict or avoiding the user altogether.

    Handling reports: When to contact the Wikimedia Foundation

    edit

    The Trust and Safety task force (T&S), within the Support and Safety team (shortened to "SuSa"), deals with severe harassment complaints, performing investigations where appropriate. These can, and have in the past, led to global "office bans" in the most serious of cases.

    There are several situations where it might be appropriate to refer a report to T&S:

    • Threats to life and limb: Serious threats, such as death threats or threats of terrorism, may be sent immediately to emergency@wikimedia.org. If you are comfortable doing so, you should also consider contacting your (or the target's) local authorities to report such threats. Assume all threats are serious, even if they don't sound plausible. If you are not comfortable making a call yourself, email the threat into the emergency email.
    • Serious complaints of harassment: In the case of ongoing and serious harassment, serious enough that you or your team don't feel comfortable handling it yourself, the report may be forwarded to ca@wikimedia.org. All members of the SuSa team are on this mailing list and can assist with investigating reports if need be.

    Handling reports: Directing reports

    edit

    What types of problems should be redirected to community noticeboards?

    edit

    Community noticeboards are great for getting more attention onto a problem and for finding people willing to deal with difficult situations. They also enable transparency, and bringing an issue to a noticeboard avoids the appearance of underhanded dealings in disputes. For problems like a single instance of edit warring or a personal attack, a community noticeboard may be a more appropriate and effective place to deal with the problem.

    That having been said, noticeboards are highly visible and open to everyone. They can result in unwanted attention and potential blame being focused on harassment targets. Noticeboard discussions are also often adversarial and hotly contested, and can flare out of control quite quickly. For this reason, we'd recommend not redirecting harassment reports to community noticeboards if there is a better option available.

    What types of problems can be handled by individuals?

    edit

    Clear-cut cases of harassment, involving obvious targeting and bullying, can, of course, be processed by an individual administrator in accordance with local policy. Such types of harassment are normally easy to spot and, on many projects, uncontentious to deal with, though they can also be among the most persistent of case types. When in doubt, or if a situation expands beyond your comfort zone, it is always appropriate to escalate for assistance.

    More difficult cases, such as more subtle harassment or cases involving long-term or otherwise constructive editors, should be discussed by more than one person prior to any investigation being closed. SuSa would recommend these discussions be done in private, unless it is more appropriate, based on other considerations, to use a noticeboard for this purpose.

    What types of problems should be redirected to advanced rights holders or arbitrators?

    edit

    If you receive a report addressed directly to you, that doesn't mean you have to deal with it alone, or that you are responsible for resolving it at all. (Though you can do both if it's appropriate.) Sometimes, these reports are best processed by local users with advanced rights, such as "checkuser" or "oversight", or arbitrators. For the reasons stated above, it might be more appropriate to pass cases like this on in private, rather than on-wiki.

    All but the most complicated of cases can usually be processed by local administrators, though the venue in which they do this depends on the severity of the accusations and, at times, the status of the reporter or reported party.

    You'll usually receive reports of harassment from users in good standing. However, you might also receive them from users under editing sanctions or even users who are blocked or banned from editing. Never dismiss a report due to the community status or reputation of involved users. Though knowledge of reputations may help you decide on the appropriate venue for handling a case, the facts of the case, not the reputations of the involved parties, are going to be the basis of your investigation.

    Investigating reports: Verifying facts

    edit

    There are a number of steps involved in a thorough investigation of a harassment report. It is not enough to simply look at the description or diffs a reporter submits – in almost all cases, deeper investigation is needed.

    Your first step in an investigation, after replying to the reporter to acknowledge that you received their report, is to verify as many of the reported facts as possible. This will involve:

    • Opening any diffs contained in the report and verifying that they say what the report says they say.
    • Verifying the identity of the reporter and/or victim: Are they actually operating the user account they claim to be, or might they be only pretending to be that account's owner? (This might be done under the pretext of a disposable, single-purpose account.)
    • Verifying the account status (if applicable) of the reporting party: do they omit any material facts, such as sanctions on their account? Are there any security issues related to this account, such as a compromised password, that may call for you to take immediate action?
    • Verifying the identity of the alleged harasser. Be aware that situations have occurred in the past where someone pretends to be another person and misbehaves in the hopes of getting the imitated party in trouble. In most cases you will not be able – or want – to verify a "real life" identity; your concern here is making sure that the account the reporter says is doing the harassing is actually the one doing the harassing
    • Verifying the account status (if applicable) of the alleged harassing party: are they under any sanctions that might be related to this situation? Are they blocked or banned? Does their account appear to have been compromised in any way?

    Investigating reports: Background research

    edit

    The facts you verified usually come with context that helps you to navigate the issue and understand what has happened. That makes the background an important component of evaluating a case; if you skip it, you risk overlooking history or facts that are vital to resolving the current issue.

    Your background research should cover researching the involved parties along the lines of below:

    • Regarding the target:
      • Has your team dealt with this person before (whether as a target, a reporter, or a harasser)? Were their reports and/or opinions reliable in any previous dealings you have had with them?
      • Does this person have a history of having been harassed, whether by the current alleged harasser or by others? (If yes, you may find that you are dealing with a new sockpuppet of an old harasser.)
      • What is this person's history in the community? Knowing that someone has participated in a gender-related WikiProject, for example, might lead you to discover that gender is the basis for the current harassment case.
    • Regarding the reporter (if different than the target):
      • Has your team dealt with this person before? Were their reports and/or opinions reliable in any previous dealings you have had with them?
      • Does the reporter have a known relationship to either the target or the alleged harasser? That is, might there be an ulterior motive in their report (backing up a friend who is in conflict, exaggerating a situation to make somebody look bad)?
      • What is this person's history and what, if anything, might you know about their approach to contentious situations? They may be known as someone superbly level-headed or as someone who overreacts; either of those being true will have some bearing on how you interpret the way they present their report
    • Regarding the alleged harasser:
      • Has your team dealt with this person before? Do they have a history of being reported for harassment? Have they been harassed themselves in the past?
      • Does this person have any known friction with either the reporter or the target? It may be that this reported harassment is simply the latest front in a long-term war.
      • What is this person's history in the community, and are the events in this report related to that history? Perhaps they have a history of being blocked or sanctioned when editing on a particular topic, or perhaps the reported behavior seems very unusual for them. Search the archives of relevant noticeboards and look at the block log and talk page of the user to help you determine whether that history may be related to your current case.

    Adequate background research will not stop at just the two or three involved parties, however; it will also take into account the relationships those parties may have to other editors or groups, as well as any general history of the point of dispute (if any) in the harassment:

    • Any organizations that any of the involved parties are affiliated with, and whether those organizations may also be in conflict
    • Any off-wiki activities any of the involved parties may be involved with that are relevant (for instance, someone may be known to participate in a forum that enjoys publishing the personal information of others, or may be open about having a certain gender identity or political view)
    • Whether the harassment report reflects a known long-term pattern of thematic conflict involving broader groups of users; for example, homeopathy-related editorial controversies.

    A caveat on background research: Context is not synonymous with rationalization or excusing. Your background and context research will help you understand the situation at hand, and they may explain why harassment occurred in a situation, but they will not make a valid report invalid and they will not justify harassment that has taken place. All contributors are responsible for their words and actions, no matter the context of a situation. A long history of quality contributions does not excuse bad behavior, nor does being objectively "in the right" or having been victimized in the past. Likewise, a history of bad behavior does not make a contributor "automatically" guilty when accused. Therefore, your analysis of a report's validity should focus on the facts described within the report rather than the parties involved in it.

    Investigating reports: Useful tools for gathering evidence

    edit

    The editor interaction analyzer can help you see where and how two users have interacted on a specific wiki. It can be useful in examining the background of a dispute between editors or claims of long-term harassment.

    The revision history tool (sometimes referred to as "Wiki Blame") can help you locate the appearance of text strings within revisions on a specific page and can be helpful finding a specific comment or edit.

    Knowing how to search subpages of a given page (that is, to search pages under a certain prefix) will let you narrow an on-wiki search to the content of only those pages. For instance, if you wished to search all archives of the Meta Wikimedia Forum, and only those archive pages, for a specific term, you would put your search term in the search box, followed by "prefix:Wikimedia Forum/Archives/". The results Search returns to you will be occurrences of the search term only in pages whose names begin with Wikimedia Forum/Archives/.

    What would you do?: What counts as 'actionable'?

    edit

    This module will periodically present you with “what would you do?” scenarios - hypothetical accounts of difficult situations. The goal in these sections is not to test whether you arrive at an objectively "correct" single answer, but rather to give you a chance to think about the different types of situations you may encounter, and the many issues and decision points that affect any eventual outcome you settle on.

    User A contacts you to indicate that they feel unsafe because of the way User B has conducted himself in an on-wiki talk page dispute. In reviewing the talk page, you see some minimally aggressive discussion where User B is dismissive of User A's opinions and suggestions without giving a lot of explanation. Several edit summaries may be considered personal attacks, referring to User A's comments as "stupid" or "trolling," while User A's comments appear reasonable.

    On deeper review, you find a long history of disagreements between User A and User B, including an incident the previous year where User B complained about personal attacks from User A to local administrators and it was recommended that User A avoid antagonizing User B. What further context could be useful to you in determining your appropriate response?

    What if, all other circumstances being the same, User B had resorted to stronger language in the current confrontation? What if in your review you discovered that User A had been following User B's contributions?

    If you were in this situation... what would you do? Leave your thoughts here.

    Investigating reports: Understanding "actionable" versus "non-actionable"

    edit

    Not everything you investigate will ultimately turn out to be actionable. Even in situations where wrongdoing is confirmed, you may simply not be able to take measures against the reported user. For instance, if an attack has happened on social media and you are unable to reasonably connect the social media account with a Wikimedia one, you may have no options for on-wiki action. In other cases, the target may have been subjected to negative treatment by another editor, but the actions don't meet the standard for harassment or rise to a level that merits action under local policies and guidelines.

    In such cases, the best of your available courses of action is not to punish the alleged attacker, but rather to provide support to the reporter. Keep in mind that not taking action against a reported aggressor doesn't mean the reporter was necessarily wrong to report this as harassment. Nor does it mean the report was inaccurate, or that either party is totally innocent. A "non-actionable" report is not the same as a false report – it is simply one that you cannot take direct action to resolve.

    Investigating reports: Documentation

    edit

    Documentation of what you have learned and done in harassment cases is very important for a few reasons. First, private investigations performed off-wiki, as most harassment investigations will need to be, are not automatically documented the way on-wiki edits would be; the only thing that the future will know about is what you record. Second, no single person or set of people who performed an investigation can be expected to remain in their role forever; if you drift away from your role in the future, others will need a way to find out what happened and why it happened in any given investigation.

    On the other hand, be aware that "documentation" doesn't – and shouldn't – mean "public documentation". It also should not mean that you or your team compile a permanent dossier about any involved editors. The parties involved in an investigation are entitled to as much privacy as you can reasonably give them while still doing your job, and it is your responsibility to protect information about them and the investigation by storing it somewhere reasonably secure and not recording or saving extraneous information.

    Investigating reports: What does appropriate documentation look like?

    edit

    To a certain extent, what "appropriate documentation" looks like will depend on who is performing the investigation. If you are performing an investigation as part of a team (such as an Arbitration Committee), your team should:

    • Record a summary of your investigation on your team's private wiki, if appropriate based on that wiki's policies.
    • Record the names of those who investigated and/or voted on outcomes for the investigation.
    • Take screenshots or gather diff links of evidence that informed any eventual outcomes of the investigation. Store these somewhere accessible to your team, such as on a private wiki or in an email to your team's secure, archived mailing list.

    If you are evaluating an initial complaint before passing it on to users with advanced rights or to the Wikimedia Foundation's Support and Safety team, make sure that your communication to the other investigating group contains:

    • Contact information for you
    • Contact information for the reporting party and/or victim
    • A summary of the complaint
    • Functional links to any relevant URLs
    • Functional diff links to any specific on-wiki edits relevant to the complaint (if you have them)
    • A summary of any preliminary investigation work you may have done

    Investigating reports: Where should the documentation be stored?

    edit

    The answer to this question depends on your role. Some groups, such as Arbitration Committees, may have their own "private" wiki. Other groups may primarily use email in their communications. Individuals receiving reports may have no designated place to document. So, work either in your team's designated space or in a secure document of your own creation to store the information.

    Do not use an on-wiki "sandbox" for this, and avoid hosting your documents in publicly accessible places, such as an unsecured "cloud" storage account. Collaborative documents such as Google Docs can be useful; however, you should pay careful attention to the "sharing" or security settings (see Google's help page on this topic). Your documents may well contain personally identifying information, and a "leak" could permanently damage the reputation and public trust that users have in your group.

    Closing cases

    Closing cases: Documentation

    edit

    We've covered a lot of skills that are important for closing a case in previous lessons in this module. Let's review them now.

    Any case closure will need to start with documentation. Your documentation should have information about what the case was about, who investigated the report and what they found, and what the outcome was.

    This documentation may be stored on your team's private wiki, or in a post to your team's private, secured mailing list. Do not document your cases publicly or in a low-security location like an etherpad. Information that is private and personal should not be made public.

    Closing cases: Closing non-actionable reports

    edit

    Even in a case where you and your team take no action, there are some steps you will need to carry out as you close a case.

    First, you will need to notify the target of the outcome of your investigation. Remember to communicate with empathy and to offer the target further resources for help if such resources exist. You may wish to provide some detail about why the case was deemed non-actionable, but do not become over-detailed: it is rarely a good idea to go into detail about whether you, personally, believed their report or whether a particular piece of evidence was found lacking.

    After this, you may need to notify the subject of the report. Whether this is necessary will depend on the situation: was the report obviously mistaken, and you closed it at a glance without needing to do a full investigation? In that case, the subject of the report may not know a complaint was even filed, and will be surprised to hear from you. On the other hand, did you do a full investigation, including speaking to the subject and/or witnesses about the existence of the case? In that case, you owe it to the subject to let them know that the case is closed and what the outcome is.

    Closing cases: Closing actionable reports

    edit

    Closing an actionable report is a bit more involved, though it is based on most of the same steps.

    Usually, your first step in closing an actionable case will be to take any on-wiki action your team has decided on. The timing of this step is important; if it has become necessary to place a block or ban on a user, you want to avoid leaving them in a state of "nothing left to lose," especially if they have advanced user rights that could be misused in retaliation. That will mean placing any blocks or bans first, before notifying the sanctioned user.

    There should not be a gap in time where the sanctioned user is left wondering why a sanction has been placed on them; immediately after placing any blocks or bans that are needed, you should notify relevant parties. This will include the sanctioned editor, first; the target or person who reported the case to you, second; and possibly any on-wiki venues your community requires sanctions to be posted in.

    When communicating with someone you are sanctioning, keep your statements factual and as non-judgmental as you reasonably can given the situation. Communicate clearly what action is being taken against them and, in general terms, why, and what they can do if they wish to appeal your decision. Even in the context of explaining how to appeal, however, it is not appropriate to provide a sanctioned user with the name of, or detailed information provided by, their accuser or target. As always, you should attempt to communicate with both targets and reported users with empathy.

    Remember that in severe cases that involve advanced user rights, you may need to contact a steward or bureaucrat to request removal of those rights, and that these teams may not make instantaneous decisions on such requests. In a case where you must reach out to stewards or bureaucrats for higher-level action, you needn't delay closing your case or taking any necessary local actions unless you have reason to believe that the need for these actions will be affected by the decisions made by the stewards or bureaucrats.

    Test yourself: Closing an actionable case

    edit

    This module will periodically present you with multiple-choice questions you can use to test your knowledge of the module you are studying. While more than one of the suggested answers may seem suitable, remember that you should try to pick the most suitable of the options.

    Your team has just finished investigating a case where user:Q was shown to have harassed user:R through the Wikimedia email service. You have decided to ban Q from your project for this behavior.

    Test yourself!
    What set of actions best represents what you need to do next and the order you need to do it in?
    1. Document your investigation by summarizing the case on your team's private wiki (if you have one), then place the necessary block on user:Q. Send an email notifying Q that they have been banned for harassment, then send an email to user:R letting them know that the case has been closed and that Q has been banned. (click to expand or collapse)
      Well done! This answer is the most suitable option. It keeps private what should be kept private. It also involves telling those who need to know the status of the case, and its final outcomes.
    2. Document your investigation by summarizing the case on your team's private wiki (if you have one). Notify user:R that you will be banning user:Q from the project because of their behavior, then go ahead and place the block to enforce that ban on user:Q. You don't need to notify Q specifically, since they'll find out next time they try to edit, anyway. (click to expand or collapse)
      This makes the false assumption that you do not owe a blocked user a notification that they have been blocked and an explanation of why.
    3. Notify user:Q that they are banned from your project, then place the block to enforce that notification. Email user:R to let them know you have banned Q, then document your investigation by posting a summary and evidence analysis on your project's administrative noticeboard. (click to expand or collapse)
      Detailing the case publicly, as in this answer, would be a failure to protect the privacy of the involved parties.
    4. Document your investigation by summarizing the case on your team's private wiki (if you have one). Place the necessary block on user:Q, then send them an email officially notifying them that they have been banned for harassment. You don't need to notify user:R specifically, since no action is being taken against them. (click to expand or collapse)
      This response makes a similar mistake by assuming that the victim will not want to hear from you directly about the case's closure.

    (Discuss this question)

    What would you do?: Challenge question: closing a case that involves advanced user rights

    edit

    This module will periodically present you with "what would you do?" scenarios – hypothetical accounts of difficult situations. The goal in these sections is not to test whether you arrive at an objectively "correct" single answer, but rather to give you a chance to think about the different types of situations you may encounter, and the many issues and decision points that affect any eventual outcome you settle on.

    Your team has just finished discussing how to handle a case where user:X was alleged to have harassed user:Z. You believe the evidence shows that user:X, who is also a Steward, has used their access to Z's private information to harass Z off-wiki. While your team believes that banning X from your project is an appropriate action, you are also concerned about X's continued access to private information through their Steward user right. As a local project team, however, you have no ability to revoke the Steward user right. In fact, the only body with that power appears to be either the other Stewards, or the Wikimedia Foundation's Trust and Safety team.

    If you were in this situation... what would you do? Leave your thoughts here.

    What would you do?: Closing a non-actionable case

    edit

    This module will periodically present you with "what would you do?" scenarios - hypothetical accounts of difficult situations. The goal in these sections is not to test whether you arrive at an objectively "correct" single answer, but rather to give you a chance to think about the different types of situations you may encounter, and the many issues and decision points that affect any eventual outcome you settle on.

    Your team has just finished discussing a case where you were unable to agree on whether the evidence proved that user:B is the person who conducted a harassment campaign against user:A, with some team members being convinced and others remaining skeptical. Deadlocked as a group, you are therefore are taking no action. You are in charge of notifying the involved parties that the case has been closed with no action, and you write to user:A to explain that while you understand their concerns, your team will not be able to take action against user:B. You suggest a few support organizations that may be able to help user:A cope with the situation.

    User:A replies to your notification to express their disagreement with the conclusion of the case and make the following points:

    1. Asking you to give specifics about what evidence your team did not believe
    2. Suggesting that since the majority of your team is not part of the marginalized group A is part of, your team may have had a flawed perspective on the evidence

    User:A asks that, particularly in light of point 2, your team either reconsider the evidence or pass the case to another, more qualified team to evaluate. They add that if your team is unable to handle situations like theirs, they may be forced to apply pressure via public comment.

    If you were in this situation... what would you do? Leave your thoughts here.

    Reporting out: Deciding whether a public announcement is necessary

    edit

    Once you have finished placing any necessary sanctions, you may need to make a public notice of the case outcome. Doing so will not be necessary in all cases, and you will need to use your best judgment and the local policies of your project when deciding what to say publicly about a case and how to say it.

    Some projects, like English Wikipedia, publicly announce all removals of advanced user rights via a noticeboard. If your case's closure included one of these actions, your team will be expected to make a public statement about it. Other projects rely more heavily on individual administrator discretion, or on private discussion about these topics. If your project is one of those types, you should not make an undue spectacle of your case's closure. Training modules/Dealing_with_o nline_harassment/slides/choosing-what-details-to-release-in-a-public-announcement

    Reporting out: Responding to third-party questions about a case

    edit

    Remember after you release the statement that community members who see your announcement do not know the details of the case and may not know much about any of the involved parties. It is understandable that members of a transparency-centric movement might want more information about an investigation that was conducted off-wiki and without public discussion. Your team's decisions in such a situation may appear shocking or unjustified. Community members may want you to answer questions ranging from the general ("Does this outcome affect how we apply this policy?") to the very specific ("Is this about that post they made on Reddit?")

    Though these community questions are understandable, when attempting to answer them, you should remember that there is a reason that your community charged your team with handling these investigations in private when needed. A question being asked does not mean you are obligated to fully answer it if doing so would reveal case details that are best kept private.

    In a situation where third parties are asking you questions about a case, aim to provide as much detail as you safely can, but no more. Use your best judgment to determine where to draw the line; below are some general guidelines, but if you're not sure whether a question can be answered without stepping outside those lines, always check with your team or a colleague.

    1. Is the question answerable without violating the privacy of any involved parties? If yes, go to 2. If no, do not answer publicly.
    2. Is the question answerable without violating any confidentiality obligations that apply to your team's discussions? If yes, go to 3. If no, do not answer publicly.
    3. Is the question directly relevant to the case at hand? If yes, go to 4. If no, suggest the question be brought to a more appropriate venue.
    4. Does the question appear to be relevant to helping the community understand your team's decisions, or does it appear to be a matter of curiosity? If relevant, answer the question publicly based upon your best judgment. If it seems to be curiosity, respond by explaining why conducting harassment investigations privately is important.

    What would you do?: Answering questions about a case

    edit

    This module will periodically present you with "what would you do?" scenarios - hypothetical accounts of difficult situations. The goal in these sections is not to test whether you arrive at an objectively "correct" single answer, but rather to give you a chance to think about the different types of situations you may encounter, and the many issues and decision points that affect any eventual outcome you settle on.

    After an on-wiki dispute with user:A that escalates, user:B is blocked from Wikipedia for a month. During that period, user:B creates an account on Anti-Wikipedia, a wiki where users who have left Wikipedia for various reasons create satirical content about Wikipedia and its users. B uses their new Anti-Wikipedia account to create an article there about user:A, in which they post information supposedly about A, including a photo, a home address, and the names of A's children and the school they attend. The article encourages readers to call A's home "for a good time."

    Shortly before B's month-long block expires, A is made aware of the Anti-Wikipedia article about them. They contact your team to ask for help, noting that B does not seem to have let go of their disagreement and saying that they, A, are now concerned for the safety of themselves and their children. Since B has been open both on Wikipedia and on Anti-Wikipedia about owning both of those accounts, there is little question that the Anti-Wikipedia page was created by B. B rejects a private request from your team that they stop publicly posting information about A.

    Your team determines that this behavior is enough of a threat to community safety that B should no longer be allowed to edit Wikipedia. You place a ban on B and post the following statement on your project's administrative noticeboard: "For engaging in conduct that violates Wikipedia's Harassment Policy, user:B is banned from Wikipedia. They may appeal privately to [your team name]".

    Community members subsequently begin to ask questions about your team's justification for this action, noting that user:B has not edited Wikipedia, even on their talk page, for more than a month, and that B has no block log or sanction history involving harassment. Some of the community members asking these questions appear to believe your team may have exaggerated or misinterpreted whatever behavior you banned B for, since you aren't willing to describe it.

    Your team knows you need to post a reply to these questions, but you are concerned about how you can justify this action to the community without releasing information that can be used to identify one or more of the target, the venue for the harassment, or the content of the harassment.

    If you were in this situation... what would you do? Leave your thoughts here.

    After a case: Self-care

    edit

    Dealing with harassment cases is tough for all involved. This doesn't just apply to the parties of the case, but to the mediator as well. You should know how to effectively care for yourself after handling a case, no matter what the outcome of the case is.

    It's not uncommon to feel personally invested in cases, particularly ones which do not have an easy solution or which uncover information that upsets you. You may experience "secondary trauma" or "caregiver burnout" – a common feeling of guilt or mental exhaustion experienced by those providing care to others. Your ability to care for others depends on you keeping yourself safe and healthy enough to effectively give that care.

    Some resources around caregiver burnout include WebMD and Australia's HealthDirect, which provide steps on what to do to deal with this. Many other resources are available to help you deal with stress. It is most recommended to speak with your doctor if you feel this is getting in the way of your activities both on and off the projects.

    After a case: Debriefing

    edit

    Immediately after a case, you and the group in which you work (for example, local oversighters or the stewards) should gather to "debrief" on the case you just helped to mediate. Ask yourself questions to help with this, like:

    • Was the result the best possible given the circumstances?
    • What went well in this case? (Perhaps note down some things you did or said which were received well, or which led to progress.)
    • What didn't go well in this case? (Perhaps note down some areas where progress was slow, or where processes made things difficult.)
    • How could you work to make things better for next time? Are there policies that could be improved or discussed?

    While it may seem odd to discuss a case, finish it, and then return immediately to talking about it, this type of debrief is useful to work out better processes, as well as to keep at least an informal record of how things are going. It is best done soon after the case, before people begin to forget details. It should make future cases that are similar easier should they come up, or it might even prevent them from coming up at all. Your debrief doesn't need to be public – it can be done on an email thread or on a platform like IRC. The important thing is to think about whether your processes can be improved, and to start to understand where problems exist.

    After a case: Responding to questions from the community or in public venues

    edit

    Cases don't always end with a final decision and a report-out. Sometimes – especially in more controversial cases – your decision or actions taken will be questioned. Information on what to include in your answers to questions like these can be found in the "reporting out" section of this module. There is more to this than just answering the questions, though. You also need to be able to manage your own mental health here, balancing it with the well-being of those involved in the case.

    You are never obligated to take an action you aren't comfortable with, particularly in a case that involves the potential for harassment; however, the community should be able to expect that relevant and non-intrusive questions will be answered. If you're concerned that doing something like answering a public question might result in harassment directed at you either onwiki or on external websites, consider asking another team member to answer it, or referring the questioner to a more private venue like email for discussion. Training modules/Dealing_with_online_harassment/slides/follow-up -tracking-and-appeals

    [[Category:WMF training drafts.