I've started using tags in my CU log entries (in [brackets]) to help me analyze my activity. Obviously, only people with CU access can see these entries. Here's a breakdown of what the tags mean:
- spi: Check is related to an ongoing SPI - either an active sock or one from the archive
- 2o: I am providing a second opinion for another CU on some findings
- unblock: Checking someone who has requested an unblock where CU is necessary (such as an unblock following a CU block or when someone appears to be affected by a CU block)
- ipbe: Checking for evidence of abuse before granting IPBE
- q: Relates to a request on the CU or paid queues (other than IPBE). Should include the ticket number
- sock: A check of a user where I believe I know the sockmaster (but there is not a current SPI)
- lta: Like the above, but more generic; I suspect the editor is an LTA though I don't have a specific LTA in mind
- comp: Comparison to an ongoing CU, such as if I find new accounts during an SPI that I want to investigate in more depth
- coll: Checking collateral before hardblocking an IP or range
- fish: The dreaded discretionary check. The user does not fall into one of the abuse categories above, but nevertheless I believe that they are likely to be a sock and that checkuser would be helpful in identifying them.