Wikipedia:Arbitration Committee/CheckUser and Oversight/2019 CUOS appointments

The community consultation phase is closed. The Committee has announced the appointments.

The current time and date is 20:36, Thursday, November 21, 2024 (UTC) .

The Arbitration Committee is seeking to appoint additional editors to the CheckUser and Oversight teams.

Prospective applicants must be familiar with (i) policies relevant to CU and/or OS and (ii) the global privacy policy and related documents. They must have good communication and team-working skills. CheckUser candidates must be familiar with basic networking topics and with SPI tools and techniques, and preferably are willing to volunteer at ACC or UTRS. Applicants must also be:

  • available to regularly assist with the workload;
  • familiar with Wikipedia processes, policies, and guidelines;
  • an administrator on the English Wikipedia;
  • at least 18 years of age and have legal majority in their jurisdiction of residence;
  • willing to disclose all other accounts they have operated to the committee;
  • willing to agree to the WMF Access to Non-Public Information Policy (L37) and the OTRS Users Confidentiality Agreement (L45).

We welcome all applicants with suitable interest to apply, but this year we have particular need of applicants who are:

  • Familiar with common ISPs and editing patterns from Asia and Eastern Europe.
  • Familiar with IPv6.
  • Familiar with identification of factors that may change a result or block, such as ISP, location, activity, or type of network.
  • Experienced in analyzing behavioral evidence for sockpuppetry investigations.
  • Interested in mentoring editors who wish to become SPI clerks.
  • Active users of non-standard venues, such as IRC, the account creation interface, OTRS, and/or the Unblock Ticket Request System.
  • Interested in handling sockpuppetry investigations related to paid editing.

Applicants must be aware that they are likely to receive considerable internal and external scrutiny. External scrutiny may include attempts to investigate on- and off-wiki activities; previous candidates have had personal details revealed and unwanted contact made with employers and family. We are unable to prevent this and such risks will continue if you are successful.

Appointment process

edit
Dates are provisional and subject to change
Applications: 23 Sept to 29 Sept
Candidates self-nominate by email to arbcom-en-c@wikimedia.org. Each candidate will receive an application questionnaire to be completed and returned to the arbcom-en-c mailing list before the nomination period ends. This should include a nomination statement, to a maximum of 250 words, for inclusion on the candidate's nomination sub-page(s).
Review period: 30 Sept to 2 Oct
The committee will review applications and ask the functionary team for their feedback.
Notification of candidates: 2 Oct to 3 Oct
The committee will notify candidates going forward for community consultation and create the candidate subpages containing the submitted nomination statements.
Community consultation: 4 Oct to 10 Oct
Nomination statements will be published and candidates invited to answer questions publicly. The community is invited to participate. Please note changes from previous consultation phases:
  • Editors may ask a maximum of two questions per candidate;
  • Editors may comment on each candidate with a limit of 500 words, including replies to other editors. Discussion will be sectioned and monitored by the Arbitration Committee and the clerks;
  • Please refrain from bolded votes, as this is a consultation and not a community consensus.
Comments may be posted on the candidates' subpages or submitted privately by email to arbcom-en-c@wikimedia.org. Editors are encouraged to include a detailed rationale, supported by relevant links where appropriate.
Appointments: by 14 Oct
The committee will review community comments and other relevant factors, finalize an internal resolution, and publish the resulting appointments. Successful candidates are required to sign the Confidentiality agreement for nonpublic information prior to receiving permissions. Oversighters and CheckUsers who intend to work the OTRS paid editing queue must sign the OTRS Users Confidentiality Agreement.

Candidates

edit

To comment on candidates, please use section edit buttons to edit the appropriate candidate subpage(s).

CheckUser

edit

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


ST47

edit

ST47 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
I am volunteering for Checkuser and Oversight. I returned to Wikipedia early this year from a long inactivity - I originally edited from 2006 - 2009. I am familiar with WP:SPI and investigate and resolve cases there regularly, and I have already signed the WMF NDA as a WP:ACC user. I'm a computer security researcher and a part time web admin, so I am very familiar with the uses - and limitations - of the tool. I am comfortable calculating IP ranges and issuing range blocks. My Recent Changes and AbuseFilter patrolling causes me to stumble upon likely sock puppet accounts fairly often, and access to the Checkuser tools would allow me to properly resolve those cases and help with backlogs at WP:SPI and elsewhere. Similarly, I do occasionally run into oversightable things from recent changes or sockpuppets, and report them to the oversight team. I often have IRC and email open even while I'm not actively on wiki. So, I offer to take on either or both roles, as you decide.
Standard questions for all candidates (ST47)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    I regularly patrol WP:SPI for cases that are ready for administration, either because a CheckUser has already commented or because no CheckUser is required, so I am familiar with investigating behavioral evidence of sockpuppetry as well as the procedures at SPI. I come across enough likely socks through patrolling Recent Changes, abuse filters, and a few other venues, to be familiar with the common LTAs. I also issue my fair share of range blocks, balancing the size of the range and the duration against the level of disruption in order to minimize collateral damage.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I work in computer security, and I'm a developer/sysadmin for a small hobbyist website, so I regularly work with IP addresses and ranges, WHOIS and port scan data, user agent headers, and so on.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    No.
Questions for this candidate (ST47)
edit
Editors may ask a maximum of two questions per candidate.
  1. You went almost an entire decade with minimal activity [1]. While I think it's great that you have returned, some might say that you should have been desysopped for inactivity. CU/OS are particularly sensitive permissions if put in the wrong hands, even more so than just administrator. If given the tools (and you are applying for both tools), do you think that you will be active enough over the next few years to put them to good use? --Rschen7754 01:14, 5 October 2019 (UTC)[reply]
    Hi Rschen, thanks for the question. I won't wade too far into topic of sysop inactivity except to say that I probably wouldn't have started back up if I would have had to go through RfA again. Aside from a few new buttons, the learning curve hasn't been too steep, and I'm far from the only administrator to return from a long period of inactivity. If WP:RBM is any indication, we should be working to retain and recover experienced editors, particularly those who have left under non-controversial circumstances.
    On point, I do believe I'm here to stay. I went inactive due to college; I now hold a stable full-time job. I've gained some maturity and life experience, and I'm returning with a fresh motivation to contribute to the project well into the future. I've learned the few new tools and processes that are relevant to my work, and I've found ways to apply my skills here that I enjoy and find productive. So yes, I do believe that I would be able to put the tools to good use.
    Now, if I'm wrong about all that, the activity requirements for CU and OS are also quite a bit more stringent than for sysop. I believe it is 5 logged actions (with the functionary tools) in a year, and of course ArbCom has the power to change that or otherwise manage the Checkuser or Oversight tools as they see fit. I'm also aware of the experimental m:2FA support and while local CU is not one of the mandatory users, I'd certainly look closely into using it if appointed, as another option to improve account security. (My password is already a long random string that is not used for any other site.) ST47 (talk) 06:15, 5 October 2019 (UTC)[reply]
Comments (ST47)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

L235

edit

L235 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
Greetings: I’m Kevin, and I’m applying for CheckUser and Oversight access to help with some of the backlogs we’ve seen, particularly at SPI. I’ve been an SPI clerk since December 2015, where I’ve been actively involved in sockpuppetry investigations. As a clerk and patrolling administrator, I am responsible for making initial determinations on the use of CheckUser (endorsing or declining CU requests prior to CU review), evaluating evidence, and blocking users for sockpuppetry. I’ve made over 500 blocks in the ~1 year since my RfA, and many SPI-clerk recommendations for admin action before that.
I have an extensive track record as a thorough evaluator of behavioral evidence in SPI cases, and I have a technical background as a Stanford computer science student. I am regularly available and accessible on IRC, and I am glad to perform CU/OS functions on ACC, UTRS, and OTRS (all of which I currently have access to).
Standard questions for all candidates (L235)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    My nomination statement describes a number of pertinent areas in which I've contributed; in particular, I've been an SPI clerk for nearly four years, an ArbCom clerk for over four and a half years, and an administrator for over a year. In these roles, I have worked closely with functionaries and arbitrators, especially in sockpuppet investigations, and have developed experience in evaluating evidence and using the block and revdel tools.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I have a technical background as a student of computer science at Stanford; although networking is not my area of research, I know the basics and I'm confident I can pick up relevant skills fairly quickly. As for experience dealing with private information, I have held a number of positions requiring NDAs and/or background checks.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    I do not have other advanced permissions, but I do have OTRS access to the info-en queue.
Questions for this candidate (L235)
edit
Editors may ask a maximum of two questions per candidate.
Comments (L235)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
  • Anyone around SPI will know the good work Kevin does. Thoroughly vetted and clueful administrator. --qedk (t c) 17:02, 6 October 2019 (UTC)[reply]
  • A relatively new admin but combined with their ArbCom/SPI clerking experience I feel comfortable supporting both tools. Only hesitation would be increased workload, but these are in areas that generally overlap, so I'm not really concerned. --Rschen7754 05:08, 8 October 2019 (UTC)[reply]

Oshwah

edit

Oshwah (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
I am applying for the CheckUser permissions in order to extend my participation on Wikipedia and help put a stop to sock puppetry, disruption, and abuse. I'll be available to help with processing requests that I see go unanswered on IRC, as well as help with the backlog at SPI and ACC. I've been an administrator for three years, an oversighter for one year, and have been consistently active, available, and happy to help with requests and urgent matters on IRC and other communication methods. Having the checkuser tools will help me to be able to help more people, as well as help protect this project from sock puppetry and abuse, and put an end to harassment. If you have any questions, please do not hesitate to ask and I'll be happy to answer them.
Standard questions for all candidates (Oshwah)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    My time has been mostly spent in recent changes patrolling and attempting to mentor and help new users on Wikipedia. I patrol recent changes and revert vandalism, respond to instances of long-term abuse, username violations, blatant sock puppetry, page protection requests, and (occasionally) AFD, AN3, and ANI. I'm also an ACC Tool Administrator on WP:ACC, and assist with processing account creation requests, as well as helping tool users with difficult or complex cases. I'm also an SPI clerk and help with responding to evidence and accusations of sock puppetry. I'm also highly active on IRC and I respond to requests for assistance and input from other users, and I respond to emergencies such as LTA activity, threats, blocking requests, revision deletion and suppression requests.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    My user page explains the extent of my background in a nutshell - I've grown up around computers and my IT-related experience goes very far back. I performed computer and network administration throughout my youth while in school, and held jobs in IT-related areas ever since. I have a BS in Computer Software Engineering Technology and a Minor in Applied Mathematics. I have extensive IPv4 and IPv6 experience that I actively use during my daily tasks at my current job, including networking, traffic routing, VPN, encryption, and security. I also have basic and advanced certification with Dell SonicWall firewalls and have written packet sniffing, ARP, and ICMP software GUIs and tools completely by myself using C++, Win32, and the WinPcap library.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    I am an oversighter on the English Wikipedia here, a bureaucrat on the test protect, and a steward on the Wikimedia beta project. I have OTRS permissions and access to the oversight-en and info-en queues.
Questions for this candidate (Oshwah)
edit
Editors may ask a maximum of two questions per candidate.
  1. Your candidacy in 2018 was unsuccessful. What is different about it this time around? --Rschen7754 01:32, 4 October 2019 (UTC)[reply]
Since last year, I was promoted to a full clerk on SPI. I've also extended my participation on Wikipedia by not only responding to suppression requests and suppressing content that required its use with the oversight tool, but also helped to remove missed content that needed supression. I also expanded the oversight page to make it more clear, detailed, and easy to read for newcomers. I've also helped to improve the ACC process for users by increasing deflection. This was done by helping to create necessary pages in order for users to assist themselves and create their own accounts instead of making them wait up to six months to have one created for them by creating a new ticket request.
Comments (Oshwah)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

Mz7 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
Hello, I'm Mz7, and I would like to apply for checkuser rights this year. I have a history of evaluating SPIs going back to when I became an administrator in January 2017, and I am experienced at identifying the behavioral peculiarities that may indicate that two accounts are related. CheckUser would just be another tool in the toolbox to help with the work I already do in that area. Apart from SPI, back in January of this year I joined the account creation team (ACC), which typically has a backlog of requests awaiting checkuser (the oldest request in that queue at the time I am writing this is from 7 months ago). I would be happy to help out on that front as well. As far as my personal background goes, I am familiar with networking principles and IPv4/IPv6 range blocks, and I consider myself a quick-learner. If there is a tricky or unfamiliar case, I would not hesitate to consult with a fellow checkuser. I am very active on IRC, and I find that I get along pretty well with others on Wikipedia. I look forward to working with the team if appointed.
Standard questions for all candidates (Mz7)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    As I mentioned in my nomination statement, I have commented on numerous sockpuppetry investigations in the past several years I've been an administrator. Specifically, I have experience spotting behavioral peculiarities that carry over between multiple accounts (which are the key in investigations—checkuser is just complementary evidence in that sense), and I am familiar with the kind of information that checkuser would return and how it would factor into the outcome of an investigation. I joined WP:ACC back in January 2019, where I have handled approximately 400 requests, about three dozen of which I had to refer to checkusers.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I have a technical background and am familiar with basic networking principles and IP address assignment. I consider myself a quick learner, and if there is any technical aspect of a case that I am unfamiliar with, I will not hesitate to ask a fellow checkuser for advice. I also have experience fulfilling confidentiality obligations.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    This is my first time applying for advanced permissions beyond sysop on any WMF project. From November 2016 to April 2019, I was an active member of the OTRS team with access to the info-en and permissions queues. I voluntarily requested that my access be removed in April 2019; although my activity level was still within the activity requirements of OTRS, I decided I wanted to focus my time more on content work and administrative work on-wiki.
Questions for this candidate (Mz7)
edit
Editors may ask a maximum of two questions per candidate.
Comments (Mz7)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

RoySmith

edit

RoySmith (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
I am applying only for CU. Qualifications:
  • Admin since 2005.
  • Extensive unix DevOps experience, including managing web servers at Songza and Google.
  • Engineering team lead for Smarts/EMC's IPv6 network management product.
  • Have been active on WP:SPI, opening cases for investigation by CU holders.
Standard questions for all candidates (RoySmith)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    I've been active for the past few months opening SPI cases. I got into that when I started working on reviewing new drafts, which has a fair amount of socking involved. My role at this point has been gathering whatever evidence I could with the standard admin capabilities. Commonality of editing focus, correlations between users of editing timelines, similarities in usernames, editing style, etc. When there seemed to be enough behavioral evidence, I would open a SPI case for further investigation by a CU.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    My last two positions (Senior Software Engineer at Google, and Director of Engineering at Songza) were both hands-on running web servers and applications. Much diagnostic work involved reading through server logs. In both positions I had access to confidential user information. Particularly at Google, access to any personally-identifiable information was tightly controlled, on a "need to know" basis, and with strict requirements to limit access to the minimum amount of data required to do the job, for the minimum amount of time, and quarantined to a secure environment. As a CU, I would have access to similarly sensitive user information, and would exercise the same diligence. I'm being vague here, but please feel free to ask questions if I've glossed over anything that you want to know.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    Other than being an admin on en, none. No OTRS permissions.
Questions for this candidate (RoySmith)
edit
Editors may ask a maximum of two questions per candidate.
  1. I'm a little surprised to see, given your apparent technical experience, that you've only blocked 5 IP addresses in the last 10 years. The CU role requires a lot of work with IP addresses, such as blocking, analysing or classifying networks, and evaluating collateral. Could you elaborate on how your experience has prepared you for IP addresses in the context of Wikipedia? Would you expect your blocking activity to massively change? -- zzuuzz (talk) 06:32, 4 October 2019 (UTC)[reply]
Every incoming HTTP request will have the remote IP address logged. For logged in users, there will be, in addition, a username. The IP addresses can be used as a clue to suggest that multiple requests may have come from the same place. For example, if I make a logged-in edit, then log out and make another edit, both edits will be associated with the same IP address, and that's a pretty good clue they're by the same person.
But, life is more complicated than that. For example, with my residential internet connection, I have a (mostly) static IP (v4) address. Inside my house, my router does NAT, making multiple computers on my WiFi all appear to have the same IP address. So, all you can really say about a request from that IP is that it was from some computer within range of my WiFi.
NAT is done on a much larger scale at universities, corporations, libraries, and the like. Even countries. Thus, indiscriminate blocking of IPs can deny service to a large number of users as collateral damage.
Commercial customers are more likely to publicly expose a range of IP addresses, commonly written using CIDR notation. For example, a small business I help out with their IT needs, has a /29. That means the top 29 bits are their network address, leaving the bottom 3 bits for internal addressing. Excluding 000 and 111 as reserved, that gives them 6 externally routable IP address, any of which might be visible in the Wikimedia server logs for requests coming from this location. If it were decided that this location was overrun with miscreants and we wanted to block the entire lot of them, we would block the entire /29 range (I don't think I've ever actually used this feature). Special:Block lists some particularly sensitive examples of this, along with cautions for use, and instructions for reporting to the WMF any such blocks.
NAT is theoretically possible with IPv6, but the extremely large address space eliminates the main technical driver (i.e. address space exhaustion) which gave rise to NATv4. It is still used at IPv6-IPv4 traffic boundaries.
On the other end of the spectrum, some users will come from multiple IP addresses. The most obvious case is somebody editing from both home and their office, or from public WiFi hotspots. Users with dial-up connections (increasingly rare these days) will get a different IP address on each connection (although, probably out of a limited-size pool). Mobile users (a large and growing segment, especially outside of North America) will get dynamic IP addresses. With all of those, the IP address won't change very quickly, so a user who logs out and logs in again as a sock will probably still have the same IP address.
Corroborating evidence would be identical user-agent strings. For example, I take my laptop with me and use it on various networks, including public hotspots and on mobile networks via tethering to my phone. In those various locations, I'll have different IP addresses, but my user-agent string will be the same. On the other hand, in large centrally-managed environments, software is usually rolled out onto desktops via automated processes, so every computer may have the same user-agent string. Thus user-agent matches or mis-matches are just another hint, neither conclusively proving or disproving anything.
And, of course, all of the above assumes a technically naive user. A more sophisticated user can intentionally mask their IP address using proxies. User-agent strings are likewise easy to spoof at the desktop (by installing multiple browsers, ua-switcher plugins, virtual machines, custom client software, etc). At the network layer, a security gateway could mutate HTTP headers (including the user-agent string) on the fly. I would be surprised if our most sophisticated and well-funded users (government-backed disinformation agencies, high-priced PR firms with Fortune-500 clients, national political parties) were not already doing this. I think it less likely that garden-variety SEO spammers are using technology like that, but it's not beyond reach of a mid-sized company with more money than ethics.
As for, "Would you expect your blocking activity to massively change?", it's difficult to predict the future. Certainly, as a CU, I would have access to more information than I do now, which would help me make better block-or-no-block decisions. Sometimes I suspect a sock, but not enough to bother opening a case for somebody else to follow up on. As a CU, I could see for myself, which might well lead to more blocks. I imagine I'll also be servicing the SPI queue and/or responding to requests from other queues (arbcom, etc) so that would lead to more blocks. Massively? That would be speculation, so I can't really answer that part. Not to mention, that just like with edit-count-itis, I don't believe there's much value in comparing block counts. With the tools I have now, I could certainly be doing more blocking, but I tend to be conservative about blocks, and I don't expect that would change.
-- RoySmith (talk) 14:26, 4 October 2019 (UTC)[reply]
  1. I'd like to discuss your approach to blocking suspected socks. Perhaps you recall this incident last year, in which I undid one of your blocks because it was based solely on your assertion that any new user who shows up at AFD is a sock. At the end of that discussion you seemed to understand that that is not ok, and why it isn't ok. To my mind this isn't something that should have needed to be explained to an admin with your level of experience, but since you seemed to get it that was that.
Or so I thought, but then earlier this year you stated " I generally work under the assumption that when a brand new account immediately heads for AfD, something's not right. It's simply not what you would expect a brand new user to be doing. There was a long AN thread (started by me) about this, which I've taken as an endorsement of this approach.". My read of the reference discussion [2] was that there was support for that specific block and it was not a community endorsement of this approach, and I said so on your talk page, and you seemed to indicate again that you got the point.[3]
So my question is, if you were granted CU access, could we expect that anyone who was new and made a comment at AFD would be checkusered by you, to try and find evidence to back up this assumption that "new user at AFD = 100% certainty of socking"? Beeblebrox (talk) 20:48, 4 October 2019 (UTC)[reply]
"New user at AFD = 100% certainty of socking" is overstating things. I'll certainly agree, however, that "new user at AFD = suspicion of socking".
WP:NOTFISHING talks about legitimate, credible concerns of bad-faith editing or sock-puppetry. Under "Grounds for checking", it gives "double voting" as one of the disruptive behaviors we're trying to defend against. We know socking is a problem. We know WP:UPE is a problem. We know socking at AfDs to prevent paid articles from being deleted is a problem. It's not a huge leap of logic to suspect that, when a new user's first edits are to AfD, maybe it's a sock.
So, what we're really talking about is how I would make the judgement call to suspect socking when I see unusual behavior at AfD. I can't give you an exact answer. That's why we still employ humans to make judgement calls instead of relying on AI algorithms to do it for us. Certainly, when a user's first edit is to AfD, that's something that raises suspicion. When several new users all comment on the same AfD, that's a (much) bigger suspicion. And, while I can't put into words exactly what I'm looking for, I've certainly read things that people have written and thought, "Hmmm, that sounds fishy".
Wielding more powerful tools implies the need for greater discretion when using them. The ability to access a user's confidential and personally-identifiable information is indeed a more powerful tool than the ability to block somebody.
If a block is made in error, it can be reversed with no lasting harm. Well, that's not quite true; if the act of blocking somebody ends up chasing away a potentially valuable new user, that's harm. From the point of view of the user's account on the site, however, they've been restored to their previous state.
The same cannot be said of accessing confidential information. Once I've seen something, I can't unsee it. There's no way to completely undo the disclosure, and you never know what you're going to see before you look. Behavior-based blocks should not be made willy-nilly, but the decision to breach a user's confidentiality has to meet an even higher bar.
Should you expect that I'll automatically run a CU investigation on every new user that pops up at AfD? No, of course not. Will I look at brand new users who are commenting at AfD and wonder if they're legitimate? Yes. How will I decide that my initial suspicion is strong enough to justify digging deeper? The simple answer is, "I'll make my determination is accordance with the policies outlined in WP:CHECK. The deeper answer, however, will always be, "I'm human and I'll make human judgements based on my experience and intuition, plus WP:CHECK." And, obviously, I'll avail myself of (off-wiki) advice from other functionaries on close calls, especially as I'm getting up to speed.
  • Thanks for your detailed reply. I've just realized I missed a whole other aspect of this, now at Wikipedia:Sockpuppet investigations/JimKrause/Archive, the entry for 6 October 2018, in which you state "Behavior and depth of understanding of wiki processes makes it impossible to believe claims of being new users."(emphasis added) A Checkuser found one of the accused to be unconnected, and the other, the one whose block was the subject of the previous AN discussion, they declined to CU at all. Given your answer above, I'm curious as to how you feel about the CUs refusal to even run a check? Beeblebrox (talk) 20:35, 6 October 2019 (UTC)[reply]
Obviously, I felt what I was seeing was suspicious, for the reasons stated, and deserved greater scrutiny. Based on their SPI comments, User:Atlantic306 shared my suspicion, but User:AGK felt a CU investigation wasn't warranted. How do I feel about that? I'm fine with it. I made a request, and the CU declined. That's fine, that's their job to decide which ones are justified and which aren't. I'm not trying to be evasive, but I don't know what else you're looking for me to say. -- RoySmith (talk) 22:18, 6 October 2019 (UTC)[reply]
I guess what I was getting at is if you think you would have run a CU or if you agree with the decision not to. Beeblebrox (talk) 02:46, 7 October 2019 (UTC)[reply]
This all happened a year ago, and I barely remember the details. But, I suspect that if, at the time, the magic CU fairy had come down and granted me three wishes, I probably would have used one of them to run a CU. But, that was a year ago. In the intervening time (and especially more recently as I've considered applying), I've read a lot more about CU policy. I've also opened a bunch of SPI cases and gotten to observe how things get handled in real life. So, let's look at WP:CHECK#CheckUser and the privacy policy...
Point 1 says, to prevent or reduce potential or actual disruption, or to investigate credible, legitimate concerns of bad faith editing. I think it's clear that this example was potential disruption, since we're talking about (potentially) influencing the result of an AfD for illegitimate purposes. So, then we're down to whether this was credible, legitimate concerns of bad faith editing (and I'm sure that's what you're getting at). Credible just means "believable", and obviously at the time, I believed it. So, yeah, my reading of the policy is that this would be a legitimate check. And thus the answer to your first question, (do) you think you would have run a CU?, is, yes.
But, the real answer is that I expect that initially, I'll be seeking a lot of input, and go along with the advice I receive. It's quite clear that if I were to ask you, you would say not to run it. Given that AGK declined this a year ago, I expect they would say the same thing. So, yeah, if this were my first case, and I asked for advice, and the two people who came back were you and AGK, I expect I'd have two people advising me not to check, and I'd go along with that. So the answer to your second question, (do) you agree with the decision not to is also, yes.
I'll leave you with one last thought. In my career as a software engineer, I've learned to embrace egoless programming. The same concept applies here. Assuming I'm granted CU, I recognize that on day one, I'll be the least experienced and least knowledgeable of the entire CU cadre. My first job will be to learn as much as I can from those who have more experience than I do. It's one thing for me to read WP:CHECK and think I understand it, but I know that there's nothing that can replace real-life experience. -- RoySmith (talk) 03:46, 7 October 2019 (UTC)[reply]
Comments (RoySmith)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
  • I'd like to thank RoySmith for their extensive reply to my question above. For the benefit of readers who are less technically minded, it's not to be faulted on technical grounds, ie it shows a fair general knowledge of some of the issues that we face. I remain a little concerned about inexperience of blocking on Wikipedia in general, and IP addresses in particular, which as I mentioned above are a staple of CU work. I am not looking for large numbers of blocks, just enough to be able to identify quality and a level of experience. For example, it is one thing to know what an IP address range is - it is another to range block it and deal with all the collateral, complaints, block evasion, and other mess that comes with actually performing such a block. We all learn things from blocking IP addresses. Anyway, the decision is not mine, and I've probably had my say, so I'll step aside and wish you good luck. -- zzuuzz (talk) 18:48, 6 October 2019 (UTC)[reply]
  • Inclined to say not right now - the concern isn't lack of technical expertise but expertise in when running a CU is allowed under policy, and issuing rangeblocks (that could be CU blocks as well). Would be happy to reconsider after serving as a SPI clerk, or more relevant experience (like at WP:ACC or even m:SWMT). --Rschen7754 06:11, 7 October 2019 (UTC)[reply]
  • The written policy for CU is of course our basic rule, but in actual work it, like all policies, needs interpretation. Various CUs interpret it differently, because so much of this is judgment. In discussions on the CU list, there are frequently disagreements. Of course, most checks are not and need not be discussed there, but I think that for a good percentage of checks here might be one or two of the current checkusers who would disagree with it, and I know that I often see declines to check where I might have run one. to I think someone with Roy's experience on and off WP will have good judgment, and will especially know enough to go carefully at first.
Additionally, it seem that he has anexceptionally wide background in related technical issues, and we could certainly use his support on the team. DGG ( talk ) 03:12, 8 October 2019 (UTC)[reply]
  • I'd also like to thank Roy for his detailed responses to my questions, and for totally not calling me out for kinda stretching the rules with 2 and 1/2 questions. Whatever else I may think, in both the past incident in question and here on this page Roy has been forthright and civil despite my rather pointed questions. Beeblebrox (talk) 23:59, 8 October 2019 (UTC)[reply]

SQL (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
Hi, I'm SQL. I have served as an Administrator since 2007.

I'm the developer behind:

  • IPCheck, a tool used by many functionaries daily to help determine if a given IP is a proxy / webhost / compromised.
  • ISP Rangefinder and NBCH, tools used to list hosts on hosting networks.
  • IPRange, a tool used to resolve a given subnet (often helpful to identify webhosts or proxies).
  • I was the original developer behind the account creation interface[4]

I am a regular at Requests for unblock, the account creation interface (mostly in the proxy check queue), the unblock ticket request system, and the Wikiproject on open proxies. I would primarily use the tool in those areas.

Standard questions for all candidates (SQL)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    I mention in my nomination some of the various related tools I've written. I've contributed extensively at the Wikiproject on open proxies. I'm active in the proxy check queue at ACC.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    As I mentioned last year, I've had a lot of relevant jobs, NOC / internal support, and cable tech support.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    I do not. I suppose I don't know how much it matters - if at all, but I am a steward on the beta cluster. SQLQuery me! 03:06, 6 October 2019 (UTC)[reply]
Questions for this candidate (SQL)
edit
Editors may ask a maximum of two questions per candidate.
  1. Your candidacy in 2018 was unsuccessful. What is different about it this time around? --Rschen7754 01:31, 4 October 2019 (UTC)[reply]
  • Rschen7754, I apologize for the delay, it's been a busy week. By and large one of the primary concerns cited was a one-time issue shortly before CUOS2018. I won't rehash the debate, but I have read and re-read that discussion many times and have taken the feedback I received there to heart. I was too quick in that instance to use the tools, and should have proposed an action and solicited feedback before doing so. SQLQuery me! 04:05, 5 October 2019 (UTC)[reply]
Comments (SQL)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Oversight

edit

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.


Stwalkerster

edit

Stwalkerster (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
I am putting myself forward for Oversight. Having made quite a number of requests for oversight, mostly towards a small handful of oversighters, and as far as I'm aware and recall, (if not all) the vast majority have been actioned. I am quite active on IRC in the -revdel channel, and I've been noticing a dearth of activity from oversighters there at certain times of the day which is a hole I'm happy to help patch given I follow a European timezone. I'm experienced at handling private data, both through my work at ACC and as a current checkuser. I'm also familiar with the revdel tool having handled quite a number of revdel requests from IRC.
Standard questions for all candidates (Stwalkerster)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    I have been handling revdel requests from IRC for a number of years now, and I'm confident in the use of the tool. I also have extensive experience in handling private data here on-wiki, with more than a decade of ACC and a year of checkuser under my belt. I also do a lot of attack page deletions, more than a few of which need suppressed too.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I currently work as a software developer in the fintech industry, where there are extensive regulatory requirements regarding the confidentiality of information and network security. Due to this, I'm very familiar with the data security requirements and how to handle that sort of data safely.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    I currently hold checkuser here on enwiki, and I have access to the OTRS queues info-en and checkuser-en-wp. I also have bureaucrat on testwiki.
Questions for this candidate (Stwalkerster)
edit
Editors may ask a maximum of two questions per candidate.


Comments (Stwalkerster)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c lists.wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
  • I've worked closely with Stwalkerster after joining the WP:ACC team. He has consistently acted with integrity as one of the ACC tool administrators, and has positively contributed to the collegial atmosphere that we have on the team and demonstrating WP:AGF to almost all users we deal with in the ACC queues. I strongly believe that he would be an asset to the oversight team. OhKayeSierra (talk) 01:19, 9 October 2019 (UTC)[reply]

The Blade of the Northern Lights

edit

The Blade of the Northern Lights (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
I am applying for the oversight permission to increase my participation on Wikipedia, help protect the privacy of users, and keep defamatory content from proliferating. I have been an administrator for almost 8 years, active throughout that time, and am very familiar with both the deletion and oversight policies. I'll be available to help with the oversight mailing list and to handle any requests e-mailed to me, and while patrolling userpages, the user creation log, and new articles I have encountered many instances calling for oversight; I have never had an oversight request denied, and being able to handle such cases on my own would allow me to better serve the community. I am of the age of majority where I live, and have read the policies on non-public information and the confidentiality agreement; if selected, I will sign the confidentiality agreement. Thank you for your consideration.
Standard questions for all candidates (The Blade of the Northern Lights)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    I have extensive experience with deletion and revdel across several namespaces. In particular, I regularly check userpages and subpages for various types of misuse, such as spam or NOTWEBHOST violations, and frequently find private information of various sorts. In addition, I frequently patrol WP:UAA and Special:Log/newusers. I have submitted dozens of oversight requests related to all of these, and all of them have been actioned.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I work with disabled adults, and in my professional capacity I handle confidential information on a daily basis. Among many other responsibilities, this involves extensive case notes and writing about specific incidents. I must be able to describe client incidents in adequate detail without giving away any personally identifying information about other clients, sonI am very familiar with what is legally considered personally identifying information.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    Right now, my only advanced permissions are being an administrator here. I previously had OTRS access from 2012-2014, and handled a few tickets, but let it lapse; at the time I had decided to focus almost exclusively on content creation for a while.
Questions for this candidate (The Blade of the Northern Lights)
edit
Editors may ask a maximum of two questions per candidate.


Comments (The Blade of the Northern Lights)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c lists.wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
  • I was reminded of April Fools Day on Wikipedia today which reminded me of something which happened last year. It wasn't his contribution (and re-insertion of it) to ANI which seems in-keeping of longstanding community commentary and, outside of marking it as a joke with-in WP:FOOLS guidelines. No it was the fact that the candidate thought it good judgement to make a joke at Arbitration Case Request while there was an active request and then basically responding to critics with "There's always someone."[5] and pride when asked not to do it. This is comparison to other jokes he made (e..g this Afd which outside of someone else having to tag as humor is well with-in norms). Now I have my own history of "humor" and don't think this should disqualify him from being a functionary. But the Arbitration business, and doubling down with pride, is less than I would want to see from a functionary. Best, Barkeep49 (talk) 23:45, 9 October 2019 (UTC)[reply]
I wouldn't consider what I did doubling down. On both the thread on my talkpage and an AN thread, I made a more important point of not restoring it and reminded people who ran into controversy on April Fools jokes not to get into it with each other. The Blade of the Northern Lights (話して下さい) 01:51, 10 October 2019 (UTC)[reply]

ST47

edit

ST47 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
I am volunteering for Checkuser and Oversight. I returned to Wikipedia early this year from a long inactivity - I originally edited from 2006 - 2009. I am familiar with WP:SPI and investigate and resolve cases there regularly, and I have already signed the WMF NDA as a WP:ACC user. I'm a computer security researcher and a part time web admin, so I am very familiar with the uses - and limitations - of the tool. I am comfortable calculating IP ranges and issuing range blocks. My Recent Changes and AbuseFilter patrolling causes me to stumble upon likely sock puppet accounts fairly often, and access to the Checkuser tools would allow me to properly resolve those cases and help with backlogs at WP:SPI and elsewhere. Similarly, I do occasionally run into oversightable things from recent changes or sockpuppets, and report them to the oversight team. I often have IRC and email open even while I'm not actively on wiki. So, I offer to take on either or both roles, as you decide.


Standard questions for all candidates (ST47)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    Through recent changes patrolling, I occasionally find oversightable material that I report to the oversight email queue. I also use the revdel IRC channel to respond to requests for revision deletion by non-admins. As an oversighter I would be able to provide a faster response to people visiting that channel to request oversight, which can otherwise have a delay especially later in the evening when I am primarily active.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I work in computer security, and I'm a developer/sysadmin for a small hobbyist website, so I regularly work with IP addresses and ranges, WHOIS and port scan data, user agent headers, and am responsible for protecting sensitive data relating to our users.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    No.
Questions for this candidate (ST47)
edit
Editors may ask a maximum of two questions per candidate.


Comments (ST47)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c lists.wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

Mz7 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
Hello, I'm Mz7, and I would like to apply for oversight rights this year. I have been involved in the "behind-the-scenes" work on Wikipedia for almost the entirety of the time that I have been active here, and this has exposed me to numerous situations where I have had to request oversight. From November 2016 through April 2019, I was an active member of the OTRS team—I voluntarily relinquished my access in April because of changes in my real life situation which have now alleviated—so I would be readily able to handle requests to the OTRS queue. Being on the OTRS team exposed me to a more humbling side of Wikipedia: the people whom we write about and the people whom we interact with are real people, and the things we do and say can have real, tangible effects. We cannot forget that. For these reasons, I think I am intimately familiar with the principles underlying the oversight policy. I am very active on IRC, and there I help handle revision deletion requests in the #wikipedia-en-revdel channel—I would be more than happy to respond to the oversight requests there as well. As I mentioned in my CU nomination statement, I find that I get along well with other Wikipedians, so I look forward to working with fellow oversighters if appointed.
Standard questions for all candidates (Mz7)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    I have a lot of experience in the behind-the-scenes areas of Wikipedia that have exposed me to situations where I have needed to request oversight. I'm active on IRC, where I've handled numerous revision deletion requests in the #wikipedia-en-revdel connect channel. I have already signed the confidentiality agreement for Wikimedia projects as part of my work on WP:ACC and my previous work at WP:OTRS.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I have worked in the past at organizations, including a stealth startup, which required me to fulfill confidentiality obligations.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    This is my first time applying for advanced permissions beyond sysop on any WMF project. From November 2016 to April 2019, I was an active member of the OTRS team with access to the info-en and permissions queues. I voluntarily requested that my access be removed in April 2019; although my activity level was still within the activity requirements of OTRS, I decided I wanted to focus my time more on content work and administrative work on-wiki.
Questions for this candidate (Mz7)
edit
Editors may ask a maximum of two questions per candidate.


Comments (Mz7)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c lists.wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

Xaosflux

edit

Xaosflux (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
Hello, I am xaosflux and I am applying for an oversighter appointment. I have been a Wikipedian since 2005, an administrator since 2006, and a bureaucrat since 2016. I currently function as an oversighter on the meta-wiki project and have previously completed the confidentiality agreement for nonpublic information. If appointed, I will diligently support the oversight policy. Regarding oversight, some may recall I recently started a discussion on splitting oversight from ArbCom, to try to free up ArbCom for more dispute resolution activities – though it was a non-starter I still think that having non-arbcom oversighters is important so that the committee can focus on their core responsibilities. To that end, I'd like to think I have the trust of the community to both keep suppressed material secret, and to only suppress materials as supported by policy. Thank you.
Standard questions for all candidates (Xaosflux)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    Locally, I have years of experience with deletion, rev-del, and redaction as an administrator. I am currently an oversighter on the meta-wiki, so have direct experience both with the tools and its logs, as well as keeping open communications with other functionaries. — xaosflux Talk 01:07, 4 October 2019 (UTC)[reply]
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I have lengthy off-wiki professional experience in the financial industry, information security, and computer security. My experience includes review and classifying information, maintaining technical and professional confidentiality, and information system auditing. — xaosflux Talk 01:07, 4 October 2019 (UTC)[reply]
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    Yes. As listed in my CentralAuth listing I am an oversighter on the meta-wiki; a bureaucrat here, on testwiki, and on test2wiki. I am also an administrator on the Programs & Events Dashboard system. I am not a current OTRS agent. — xaosflux Talk 01:07, 4 October 2019 (UTC)[reply]
Questions for this candidate (Xaosflux)
edit
Editors may ask a maximum of two questions per candidate.


Comments (Xaosflux)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c lists.wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.

L235

edit

L235 (talk · contribs · blocks · protections · deletions · page moves · rights · RfA)

Nomination statement
Greetings: I’m Kevin, and I’m applying for CheckUser and Oversight access to help with some of the backlogs we’ve seen, particularly at SPI. I’ve been an SPI clerk since December 2015, where I’ve been actively involved in sockpuppetry investigations. As a clerk and patrolling administrator, I am responsible for making initial determinations on the use of CheckUser (endorsing or declining CU requests prior to CU review), evaluating evidence, and blocking users for sockpuppetry. I’ve made over 500 blocks in the ~1 year since my RfA, and many SPI-clerk recommendations for admin action before that.
I have an extensive track record as a thorough evaluator of behavioral evidence in SPI cases, and I have a technical background as a Stanford computer science student. I am regularly available and accessible on IRC, and I am glad to perform CU/OS functions on ACC, UTRS, and OTRS (all of which I currently have access to).
Standard questions for all candidates (L235)
edit
  1. Please describe any relevant on-Wiki experience you have for this role.
    My nomination statement describes a number of pertinent areas in which I've contributed; in particular, I've been an SPI clerk for nearly four years, an ArbCom clerk for over four and a half years, and an administrator for over a year. In these roles, I have worked closely with functionaries and arbitrators, especially in sockpuppet investigations, and have developed experience in evaluating evidence and using the block and revdel tools.
  2. Please outline, without breaching your personal privacy, what off-Wiki experience or technical expertise you have for this role.
    I have a technical background as a student of computer science at Stanford; although networking is not my area of research, I know the basics and I'm confident I can pick up relevant skills fairly quickly. As for experience dealing with private information, I have held a number of positions requiring NDAs and/or background checks.
  3. Do you hold advanced permissions (checkuser, oversight, bureaucrat, steward) on this or other WMF projects? If so, please list them. Also, do you have OTRS permissions? If so, to which queues?
    I do not have other advanced permissions, but I do have OTRS access to the info-en queue.
Questions for this candidate (L235)
edit
Editors may ask a maximum of two questions per candidate.
Comments (L235)
edit
Comments may also be submitted to the Arbitration Committee privately by emailing arbcom-en-c lists.wikimedia.org. Please note that the candidate will be provided the opportunity to respond to a paraphrased version of any emailed comments; the sender's name will not be provided.
The discussion above is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

Results

edit

The Arbitration Committee is pleased to welcome the following editors to the functionary team:

The Committee thanks the community and all candidates for helping to bring this process to a successful conclusion.

The Committee also welcomes the following user back to the functionary team:

The Committee also thanks Timotheus Canens (talk · contribs · deleted contribs · logs · filter log · block user · block log) for his long history of contributions to the functionary team. Timotheus Canens voluntarily resigned his CheckUser and Oversight permissions in September 2019.

For the Arbitration Committee,

Katietalk 15:47, 14 October 2019 (UTC)[reply]

Archived discussion at: Wikipedia talk:Arbitration Committee/Noticeboard/Archive 45#2019 CheckUser and Oversight appointments: Candidates appointed