Wikipedia talk:Sockpuppetry/Archive 8

Latest comment: 15 years ago by WereSpielChequers in topic restoring an example
Archive 5Archive 6Archive 7Archive 8Archive 9Archive 10Archive 15

Privacy

This has been in and out of the policy at various times, so I'm bringing it here for discussion, as I don't think it's a good idea.

*Privacy: A person editing an article which is highly controversial within his/her family, social or professional circle, and whose Wikipedia identity is known within that circle, or traceable to their real-world identity, may wish to use an alternative account to avoid real-world consequences from their involvement in that area.

This is avoiding scrutiny. We don't want people splitting their contribs up in this way, because it's basically encouraging Dr Jekyll and Mr Hyde behavior, which is a large part of what this policy seeks to prevent. If people have concerns such as the above, all they need to do is not tell their professional circle what their WP user name is. If we want a privacy section, I would suggest instead:

*Privacy: An editor may create an alternate account to edit articles that might serve to identify him; for example, he might want to edit articles about his home town or about an unusual hobby he's associated with in real life.

That allows privacy for legitimate reasons, but doesn't allow people to create alternate accounts for the express purpose of editing in controversial areas, because the latter violates the "avoiding scrutiny" prohibition. We don't want User:X—admin, checkuser, oversighter and all-round good guy—being allowed to create User:Y to make edits promoting Holocaust denial, for example. SlimVirgin talk|contribs 12:31, 4 October 2009 (UTC)

I have always thought that editing in controversial areas was the strongest case for making undisclosed alternate accounts; for example, an editor who sometimes edits about sexual fetishes or holocaust denial but does not want to draw criticism about this to their regular account. Indeed, apart from "making a new start", this is the only example given on the policy for why an undisclosed alternate account might be legitimate.
As for edits that might help identify someone's identity, usually we rely on the fact that accounts are pseudonymous to accomplish this. So it seems to me that the new rationale above would only apply to editors whose main account was actually a variant of their name, since it doesn't violate anyone's privacy to know that some pseudonymous account seems to have an interest in Cleveland. — Carl (CBM · talk) 13:45, 4 October 2009 (UTC)
An editor who is editing collaboratively about motherhood and apple pie as User:X, and contentiously about Holocaust denial as User:Y, is a good example of what we don't want to encourage, which is the point of the "avoiding scrutiny" provision, which I recall was inserted on the basis of something Jimbo said. I'll try to remember what the background of that was.
Someone who edits their home town, and the hobby they're well known for locally, might be outing themselves, in effect. That was always the point of the privacy provision -- to safeguard privacy, not to safeguard controversial editing. SlimVirgin talk|contribs 16:09, 4 October 2009 (UTC)
As long ago as 2004, this policy said [1]
"Users with an expertise in mathamatics, for example, might not wish to associate their contributions to detailed mathamatical articles with contributions to articles about less weighty subjects. Sock-puppeteers sometimes use sock puppets in talk pages to avoid extending conflicts about a particular area of interest into communitywide political conflicts related to user identity rather than to article content. A person participating in a discussion of an article about abortion, for example, might not want allow other participants an opportunity to extend that discussion by engaging a particular user in unrelated but philosophically motivated debate outside of that discussion."
This language about using different accounts to segregate edits on different subjects remained, in various forms, up until the present version. For example, by 2006 it had become [2]:
"A person editing an article which is highly controversial within his/her family, social or professional circle may wish to use a sock puppet so that readers unfamiliar with NPOV policy will not assume his/her information edits are statements of personal belief."
So it appears that safeguarding controversial editing was indeed one of the underlying motivations for permitting sockpuppets. — Carl (CBM · talk) 16:29, 4 October 2009 (UTC)
I know the policy has contained the latter, which is why we're having this discussion. The former point from 2004, I didn't understand after the first sentence.
This has always been a contradictory and badly written policy, in part because a lot of editors who were socking turned up to weaken it. As a result, no one really knows, except for the most obvious cases, what counts as valid and what not. That gets editors into trouble, because they misjudge where the lines are drawn. That's why I'm suggesting now that we remove the privacy clause that suggests it's okay to edit controversial subjects with an alternate account, because it contradicts the "no scrutiny" clause and the spirit of the rest of the policy, which is one editor = one account, except in very limited circumstances.

We can't maintain that position, and at the same time say, "But hey! If most of the time you edit articles about Judaism as User:Smith, by all means turn up in the evening as User:Jones to edit in promotion of Holocaust denial. We totally understand!" SlimVirgin talk|contribs 17:16, 4 October 2009 (UTC)

Data mining techniques are getting to the point that people can figure out who you are from your choice of topics and writing style alone. Consider a biology professor who happens to collect guns (anathema to many in academia). He is within his rights to edit biological articles with one account and use another to edit gun articles. Also, how will such people be caught? They're editing in two entirely different circles, and everything is controversial. Whatever this incident with socking by The Undertow has done to Wikipedia, putting in place an toothless statement against privacy is not the solution. Abductive (reasoning) 17:56, 4 October 2009 (UTC)
There is also the issue that certain areas of editing can expose you to real life harassment. Your primary account may be tied to your real name because you have released your creative commons photos here and put your name on them. If you want to edit an article about a group that is known to attack people to criticize them then using an alternate account would be protecting your privacy and safety. This is not theory by the way, I have gone through this. Chillum 18:31, 4 October 2009 (UTC)
The difficulty lies in knowing how to word a privacy exception so that it will help the good-faith editors, but not the bad. Chillum, how about my suggestion above: *Privacy: "An editor may create an alternate account to edit articles that might serve to identify him; for example, he might want to edit articles about his home town or about an unusual hobby he's associated with in real life." Is that not extensive enough, in your view? It's the "controversial article" clause that I'm concerned about, because that is so prone to misuse. SlimVirgin talk|contribs 18:38, 4 October 2009 (UTC)
I would like the addition of "that might serve to identify him or expose him to harassment or other unwanted real life consequences", or something worded better with the same meaning. I do think it is a move in the correct direction. Chillum 18:42, 4 October 2009 (UTC)

One pseudonymous account should be sufficient for any editor who wants to maintain their privacy. Allowing multiple undisclosed accounts, except for exceptional circumstances that are declared to a functionary in advance, is a bad idea. Using multiple undisclosed accounts deceives other editors and thus damages the community. Whether the deception is intentional or an unintended consequence does not matter. Jehochman Talk 18:49, 4 October 2009 (UTC)

I don't understand this; using a separate account in two areas only deceives an editor under the very faulty impression that they should look at a list of contributions and make determinations based on the full extent of any editing they have ever done. Who has this impression, and why would we appear to support it? Regarding the community, my understanding is that it has always been based on principles to allow people to work together without disclosing all potentially relevant information about themselves. If we no longer believe that then I'd think there should be full identification, but not unenforceable half-measures that only create more centralized, but far less transparent, control over Wikipedia's editing. Mackan79 (talk) 02:29, 5 October 2009 (UTC)
One in addition to their main one? Abductive (reasoning) 18:54, 4 October 2009 (UTC)
I've considered making a separate account not publicly linked to this one so I could edit articles on my favorite television shows, actors and actresses without feeling judged. (for the record, I have not done so, if only out of sheer laziness) It is deceptive, but I don't find it particularly problematic. I've heard that some people have alternate accounts they use solely for no drama content work.--Tznkai (talk) 19:09, 4 October 2009 (UTC)
(ec) Okay, here's a scenario. As you may know, I edit quite a bit in the area of animal rights. I try to keep my edits neutral, and although it's obvious that I'm sympathetic to the animal rights position, I try not to over-egg it. Now supposing I have much stronger AR sympathies than I let on, and I want to edit in a more aggressive way about these issues. I create User:ThinMary, and I start editing articles about animal researchers and people who own slaughterhouses, adding details about the things they've done that I can find in reliable sources -- editing that's within policy, but clearly designed to expose what I see as wrongdoing.

If caught by checkuser, I could site the privacy provision of this policy, by pointing out that very committed animal rights advocates are often harassed and persecuted, which would be entirely true, and because SlimVirgin is a known editor whom people have tried to out, I didn't want to taint her with extremist editing. Is User:ThinMary someone this policy should support? In my view, no, because her editing would inform people about SlimVirgin's editing. For me to split the contribs would be to deprive Wikipedians of important information about me, information that's needed to judge how closely my edits need to be watched, or whether I'm suitable to be given tools, and so on. SlimVirgin talk|contribs 19:01, 4 October 2009 (UTC)

You guys are too far into Wikipedia to see it from the point of view of a new editor. Recruiting people to Wikipedia who actually know something about science or Iranian politics or whatever and are willing to waste their time editing here should not be hindered by fear of being exposed. We don't all live in free countries. These provisions are unenforceable, except for dissidents in countries like China, who can't switch IPs as easily. Let's confine any changes to this privacy policy to people who have accepted nominations to become admins, clerks, etc. Abductive (reasoning) 19:08, 4 October 2009 (UTC)
One pseudonymous account is enough to protect privacy. Privacy is keeping your Wikipedia editing isolated from your real world identity. If an editor starts with their real name and wants to go sub rosa, they can abandon their account and have a fresh start. They shouldn't use two accounts without making a disclosure. Jehochman Talk 19:10, 4 October 2009 (UTC)
How do you propose to stop them? A person can edit from work, home, Starbucks, the library, and open wireless hubs with a different account from each, and never get caught. All you would be doing is potentially exposing people in unfree areas of the world to risk of political violence. Abductive (reasoning) 21:51, 4 October 2009 (UTC)
SlimVirgin points to one part of an important distinction. It is okay, if one's primary account is associated with one's real-world identity, to have an alternate account for editing on subjects that are controversial in one's part of the world. It is not okay to use a secondary account to make edits that are controversial out of fear of bringing disrepute or scrutiny on one's primary Wikipedia account. For example, I sometimes Wikignome around articles about sex fetishes, porn stars, etc., correcting some spelling and grammar, fixing cite formats. That's probably okay in my world but if I were an elected official in a conservative jurisdiction I would probably want to have an alternate account for that. By contrast, I am sometimes on sock-and-troll patrol on articles about American politics, something that earns considerable enmity among, well, certain editors. It would be wrong of me for all kinds of reasons to go all Bruce Wayne and create a secret sock-fighting sock, while maintaining the outward respectability of one who is above it all. So again, with an alternate account, controversial topics good, controversial edits bad. - Wikidemon (talk) 20:49, 4 October 2009 (UTC)
This isn't a particularly realistic recommendation. If I wanted to edit an article anonymously, I would certainly just create an alternate account. Nobody is going to abandon accounts with 10000+ edits and the bit in order to edit anonymously on a few articles. Christopher Parham (talk) 21:52, 4 October 2009 (UTC)
Why not? Having an account with a lot of edits doesn't mean much to some people. Are you speaking from a reputation point of view? Many people don't care about reputation; they are happy just to get their information onto Wikipedia. Abductive (reasoning) 21:58, 4 October 2009 (UTC)
Because it's generally more convenient to use Wikipedia from a known, admin account than a brand new account. It's a much better way to get more information onto Wikipedia faster. So it's best and easiest to just ignore/violate the rule; it's unlikely you would ever be caught and even if you were, the worst likely to happen is that you would lose your admin privileges and be forced to use just one account. Which is exactly what would have happened if I had followed the rules in the first place. Christopher Parham (talk) 22:15, 4 October 2009 (UTC)
In other words, because of massive WP:OWNership of articles, even an experienced editor has problems getting valid information on to Wikipedia if s/he uses an IP or alternate account. I say we should all start using alternate accounts to combat article OWNership right now. Abductive (reasoning) 22:35, 4 October 2009 (UTC)
It's not an ownership issue -- the ability to edit semi-protected articles, to say nothing of deletion, protection and other admin tools, are useful in contributing. Christopher Parham (talk) 22:57, 4 October 2009 (UTC)
Well, I did mention above that I think any alteration of this privacy section should apply to admin/checkuser/etc nominees only, not to regular editors. Contributing slightly slower is not much of a price to pay for true privacy, and has always been true. And I'm serious; everybody should try contributing as an IP, just to feel the pain of WP:OWN for themselves. Abductive (reasoning) 23:08, 4 October 2009 (UTC)
I really do not think we can just go and remove this privacy provision. Think of all of the people that created alternate accounts to avoid associating their true identity with areas of editing where harassment are common only to be told they suddenly need to reveal this link? They created this account with the expectation of privacy and it is not ethical to take the privacy away after the fact. Chillum 22:03, 4 October 2009 (UTC)
  • Remove the "privacy" claims in general - Users have the ability to be private - have a user name that is not identifiable. If it turns out your account is identifiable, stop using it and start a new one. This policy is about co-current uses of accounts or starting new ones while banned. One user, one account. Not one user and multiple secret accounts, nor multiple users for one account. If you are concerned about your actions having ramifications then you shouldn't be performing said actions. Ottava Rima (talk) 22:16, 4 October 2009 (UTC)
  • SlimVirgin, are you stating that these accounts should not be permitted at all, or only if the Arbitration Committee is notified and raises no objections? Risker (talk) 22:51, 4 October 2009 (UTC)
  • I've slightly lost track of exactly what we're talking about. I'd support this privacy provision without ArbCom's permission: "An editor may create an alternate account to edit articles that might serve to identify him; for example, he might want to edit articles about his home town or about an unusual hobby he's associated with in real life." But the "controversy provision," I'd say ArbCom or functionaries would need to be told about the two accounts, and the provision would have to be worded carefully, along the lines suggested by Wikidemon: controversial topics are allowed with a second account, but not controversial editing. SlimVirgin talk|contribs 01:55, 5 October 2009 (UTC)
Ahh. I am afraid I was unclear, then, so will give an example. User X has a long history, but wishes to edit controversial subject Y in an entirely appropriate manner but not linked to his main account because of the nature of controversial subject Y. He thus creates alternate account Z, notifies Arbcom of the alternate account and is acknowledged, edits the subject. This would no longer be permissible if the privacy section is removed, nor does it appear to be acceptable under the proposal you have put forth at the top of this section. Risker (talk) 02:15, 5 October 2009 (UTC)
Yes, I'd support that, so long as he's editing appropriately, and so long as there's no clash with his other editing that might give cause for concern. That's where the wording gets tricky.

The policy currently says, "A person editing an article which is highly controversial within his/her family, social or professional circle, and whose Wikipedia identity is known within that circle, or traceable to their real-world identity, may wish to use an alternative account to avoid real-world consequences from their involvement in that area."

So let's imagine we have User:A, very respectable, helpful editor, featured articles, adminship, everyone trusts him, so he runs for ArbCom. Unknown to the electorate, he's been running User:BZGHY for years, with the knowledge of ArbCom, which has run up thousands of edits to articles about pedophilia, in a way that makes clear he's a sympathizer. But he will benefit from having avoided scrutiny by being elected to ArbCom because the electors don't know about User:BZGHY, and this policy will have explicitly allowed it. So the question is: do we want this policy to allow that kind of scenario? SlimVirgin talk|contribs 04:35, 5 October 2009 (UTC)

For the record, we have a User:B, who is a fine editor (although it appears he resigned yesterday), so I have changed your example "bad" username. I will give you a more realistic example, Slim. Tonight some very serious privacy violations were brought to the attention of the Oversight list. On reviewing the article in question, there were clearly edits that needed to be suppressed. There were also edits that needed to be deleted but did not meet the criteria for suppression. I could not do them, and asked that another oversighter do the work. It wasn't that I was incapable of doing them, or was too busy to do them. It was because the article is about a porn movie, and I know that there are people who will use the fact that I have edited/carried out administrator functions on such an article as a weapon to demonstrate that I am unfit to be an arbitrator. It's time to change this culture, Slim. We need to stop believing only the worst of people. The only thing that really matters on this project is the content, and this obsession with who does what with what account entirely loses sight of that. That doesn't mean that problems should be ignored when they present themselves, but that we need to clearly identify what are and are not problems, and what weight those problems should get. Any use of an alternate account to adversely affect the content of the encyclopedia (including double voting on discussions related to content) would be at the top of my list of problems, with use of an alternate account to antagonise or otherwise harass another editor being a close second, but YMMV.
Back to your example. Accounts that show a paedophilic sympathy are closely monitored and/or blocked on a regular basis; it is one of the tasks that several of our former arbitrators in particular have continued since they have been out of office, and there are several other administrators who watch for such problematic accounts. That is part of protecting the content of the encyclopedia. I would be quite surprised to find an account with paedophilic sympathies that has managed to rack up thousands of edits without having been carefully scrutinized, checkusered, and probably shut down. I find your example unrealistic. I'm also worried that you seem to be vesting a great deal more authority into the Arbitration Committee than the Committee has or claims. Risker (talk) 05:39, 5 October 2009 (UTC)
This is like the discussion people have in aesthetics classes or art history. Does it matter that we know about artist X that he was mad, that artist Y was a pedophile, that artist Z was disabled? Does it change our view of their art? And the answer is, yes and no. We had an editor a while back, an anti-Zionist, turned up on a page about Israel, started making anti-Israel edits, and arguing strongly for them on talk. Lots of talk, lots of editors involved, many of them also anti-Zionists taking his side. It turned out, and as I recall it took a few weeks before this came out, that he wasn't an anti-Zionist at all, he was an old-fashioned anti-Semite, and I mean a real one, not a borderline case. He'd had other accounts that had made that crystal clear.
Did knowing that change his edits? No. But it made everyone uncomfortable. All the editors who'd supported him felt cheated and used. Everyone was annoyed at having wasted time discussing the issues with him. Even though not a single word of his was actually changed by our knowledge of his other accounts, at the same time, they all were. SlimVirgin talk|contribs 06:02, 5 October 2009 (UTC)
Then I think we may have found a point of agreement between us, SlimVirgin: this clearly affected the content of the article, even if it didn't change a word in it, and I agree that the use of another account was unacceptable, and I will take it as understood that his prior account(s) had already been topic- or site-banned. I'm unclear if you're saying he was concurrently editing in other areas at the same time with another account, though. Regardless, if he (in a past or current account) had been banned from editing, he had no place being there, and I do feel badly for the editors who were caught up in this. At the same time, I am well aware (because I can see the list held on the arbitration wiki) that there are several very good editors who have separate accounts to edit in certain areas or for special reasons; I did a cursory look at the edits of a few of them, and they appeared to be good content edits or otherwise compliant with policy. I would like to think that if we give people a way to honestly report these accounts without making them fully traceable to the entire world (which is what happens when they are linked on-wiki), they will be far more likely to be policy compliant in their use, and will still go on to continue the development of the encyclopedia within our policies. There are real issues with criminalising good behaviour. I would hate to see some of our fine editors who have quietly returned after being harassed onwiki being removed from the project, or having to sanction reputable editors because they had the fortitude to improve a problematic article about a controversial subject (such as anything relating to unusual sexual practices or attractions) using an account separate from their "public face". These editors are doing us a service, and we need to make at least an effort to protect them from harassment or other harm. Risker (talk) 06:42, 5 October 2009 (UTC)
  • Separating accounts for privacy has always been protected, and is obvious for situations where editors want to be pseudonymous but also edit relating to their geographic location or topics of personal interest. If we want to crack down on sockpuppetry, it should be done in ways that focus on the problem and not on the vast majority of editors who are not a problem. I'm also not convinced people are considering the negative side effects when you ignore subtlety and just ban a large set of behavior, such that editors who wish to avoid illegitimate scrutiny then lack incentive to follow Wikipedia's principles at all (that, among other similar problems). Mackan79 (talk) 01:45, 5 October 2009 (UTC)

A certain user whose real identity is fairly widely known (and can likely be uncovered by a determined researcher) regularly visits a certain country with a terrible human rights record. He uses an alternative name to edit articles related to that country, to protect himself and the people he meets in that country. I didn't make this up; it is a real person. Whatever change is made should not outlaw this usage of a sock. I don't think this user should have to confide in any officials either. Zerotalk 12:18, 5 October 2009 (UTC)

Yes, good points, and I agree with Risker's last point above too. There's clearly no consensus to jiggle with the privacy provision, so I won't push it. SlimVirgin talk|contribs 19:55, 5 October 2009 (UTC)
I would like to see the privacy section tweaked to include some aspects of SlimVirgin's original suggestion. Zero000's example is an excellent one, but a reverse situation is also possible. Suppose a pseudonymous editor wished to make some edits, was aware that this would make his/her real life identity obvious? Using Zero000's example, perhaps the editor was travelling on a well-publicized Human Rights Watch country visit and wanted to contribute some pictures and information gained on this visit, also to protect him/herself and those met. I can think of several other situations where editors limited to one account might be forced to choose between contributing and losing their anonymity. The current wording does not seem to cover this, to my mind, legitimate reason for separating edits with another account, and I support some considered expansion of this section to cover this too.--Slp1 (talk) 19:16, 12 October 2009 (UTC)

A method for alternate account identification

I figured I'd dust off an old suggestion I made from the archives without further comment:

The essential problem of sockpuppetry is deception - and this is usually where an admin needs to get involved. Creating the illusion of consensus, avoiding accountability, stuff like that. What do people think of having legitimate alternate accounts be identified by a deleted edit in the user page history? Would save admins the trouble of having to run to a CheckUser only to find out there are legitimate alternate accounts.--Tznkai (talk) 10:48, 16 January 2009 (UTC)

That seems reasonable. Personally I hate the idea of undisclosed alternate accounts, but seeing as the community allows them, too bad for me. A deleted edit on a user subpage (to avoid popping up on watchlists) would handle disclosure nicely. //roux   17:30, 16 January 2009 (UTC)
A good first step in the progress towards the prohibition of unidentified alternative accounts. But both this and the total prohibition needs to have way of handling of the occasional need for one with hidden identification, accessible only to checkusers. DGG (talk) 22:59, 25 January 2009 (UTC)
A good first step would be to gain a consensus that such a requirement would even be a good idea. Chillum 21:57, 4 October 2009 (UTC)
I don't see any harm to this being one method of identifying alt accounts, I can see objections to this being the only method as it includes far more people than declaring it to arbcom. ϢereSpielChequers 13:39, 5 October 2009 (UTC)

The other direction

I am struck by the lack of thought toward more focused ways to address problems relating with socking. As someone who sometimes sits around thinking about these kinds of things, here is a little list I recently worked up based on four categories:

1.) Remove the incentives

a.) Do more to prohibit revert warring.
b.) Do more to promote civility, or other ways of maintaining a more efficient “market place of ideas.”
c.) Give editors opportunities to restart in a non-destructive manner.

2.) Strengthen the culture

a.) Clarify sock policy so it focuses only on clear abuse, to ensure that the policy is widely supported.
b.) Increase transparency with private sock-related findings, to build faith in the system.

3.) Focus enforcement

a.) Check editors who consistently violate policy by edit warring, incivility, or in other manners, since these often turn out to be socking.
b.) Provide clearer avenues for less experienced editors to report problems in private.

4.) Increase structure

a.) Increase identification among voluntary positions.
b.) Increase the role of these positions in evaluating disputes.

Potential problems to avoid:

  1. Over-reaching, and creating limitations that are counterproductive or unnecessary.
  2. Systemic biases (by carelessly increasing authority to run checkuser, for instance).
  3. Non-transparent controls.

I don't know if any of this appeals to others (all aspects may not be feasible), but my view is that as long as you have pseudonymous/IP editing, and don't actively require 1 person/1 account at registration, these types of ideas are the most productive way to go. Mackan79 (talk) 08:08, 5 October 2009 (UTC)

Existing alt accounts

I can see that some editors want to use the recent sockpuppetry cases to justify tightening the rules about alternate or former accounts. Personally I thought these rules were about right, and find it bizarre that the response to breaches of these rules is to tighten them rather than find better ways to enforce them, such as checkuser on random admins.

I think we have an anomaly about clean starts, with the expectations of some !voters at RFA now in opposition to the concept of a clean start. It would be sensible to tighten the clean start policy along the lines of "however if in future you wish to run for administrator or other post within Wikipedia you would need to declare your previous account either publicly; or by informing arbcom and asking them to rule whether any blocks or other misbehaviour are sufficiently old that the former account can be treated as a former account in good standing and not publicly disclosed."

There is also an unpalatable hint of retrospective rule changing here. I think that if we do rule out some formerly legitimate uses of alternate accounts we should make it clear than any such tightening of the rules only applies to future edits. If we were to restrict admins to only using their admin account and declared accounts such as user:WereSpellCheckers, then admins who have been using alternate accounts within the rules should have the option of either using those accounts within the new stricter rules, or simply ceasing to use those accounts. Edits made in accordance with the policy of the time should continue to be good edits, even if similar edits would no long be allowed. ϢereSpielChequers 14:17, 5 October 2009 (UTC)

I agree about not being retrospective, if only because I am not sure all of us will be able to remember all the accounts we may have used for demos and the like. DGG ( talk ) 04:43, 6 October 2009 (UTC)

restoring an example

At some point in the recent changes we lost this example of an alternative account "For example, longterm users might create a new account to experience how the community functions for new users." Does anyone object to it going back in? I appreciate it adds slightly to the length, but strikes me as the most obvious example of why we need to allow alternate accounts. ϢereSpielChequers 08:04, 6 October 2009 (UTC)

  • I want it back. I have been advocating this in order to educate people about the high level of WP:OWN which is a far worse problem for the recruitment and retention of editors than any abusive sockpuppetry that might result from this example being in the text. Abductive (reasoning) 21:07, 7 October 2009 (UTC)
I want it back too. It is very educational to use Wikipedia without the benefit of reputation, ownership issues do become more obvious. 64.251.77.193 (talk) 21:15, 7 October 2009 (UTC)
This is now being used by a number of editors at wp:NEWT to identify some of the problems in the new page patrol and speedy deletion processes. ϢereSpielChequers 23:50, 11 November 2009 (UTC)

Which account is the main account

It seems in recent editing that a new provision was added to the lead:

Where an editor is using alternate accounts, the account with which the editor originally became known to the community is regarded as the main one.

This appears to be new as of the edit here. That edit changes it from a competing standard which would ask which account had the longest history, although that standard appears to have been newly added as well.

My understanding is that, to the contrary, the standard of which is the "main account" often depends on the situation, though if anything it would be regarded as either 1.) the far and away more active account, or 2.) the one used in community discussion. It could be argued of course that an editor should only ever use the first account with which he became known to the community for any community discussions, but that seems unrealistic. Consider the editor who has a "bad start" and quickly starts over, for one example which has always been at least tacitly permitted. There are other scenarios that challenge the "first known" standard (it could also be questioned what it means to become known to the community, and if this applies to all or most editors), but anyway, I'm just not sure it's possible to say categorically what will be the "main account" in every case. Since I'm also not sure why identifying a "main account" is needed, perhaps it should just be removed? See how the issue is treated previously here. Mackan79 (talk) 05:54, 7 October 2009 (UTC)

  • When disclosing accounts, lets not play games, but be completely upfront. On every new encounter, you shouldn't have to hunt down trails to find out that the user uses. Have every account list every other account. --SmokeyJoe (talk) 06:22, 7 October 2009 (UTC)
    • If a person is disclosing publicly, sure, I think the disclosure would need to be on each. My point here is only that calling one a "main account" doesn't seem to affect anything, unless there's something I've missed. The only place I've seen it come up is where sock accounts are being blocked for abuse, and they're trying to decide which one is the "main account" going forward. Mackan79 (talk) 06:43, 7 October 2009 (UTC)
      • If you can't find where that new provision was agreed to here on the talk page, you can remove it pending discussion here. I'm personally neutral on the matter. I can see the logic behind both arguments. Cla68 (talk) 06:55, 7 October 2009 (UTC)

Socking v. block or ban evasion

The use of multiple accounts should be focused on here and coverage of block or ban evasion dealt with separately. The overlap is problematic and treating them as if they are one and the same is confusing and misleading. ChildofMidnight (talk) 20:59, 7 October 2009 (UTC)

Unfortunately, the overlap makes it impossible to segregate the two without being able to divine intent, i.e. without being mind-readers. davidwr/(talk)/(contribs)/(e-mail) 21:39, 7 October 2009 (UTC)
Perhaps we should expand or rephrase Cleanstart as that is the relevant part of the policy. ϢereSpielChequers 09:43, 30 October 2009 (UTC)

Rename the page

I think the mistake is calling the page sock puppetry and then including legitimate accounts as a subsection saying that they aren't sockpuppets. It would be much clearer all round to rename the page Wikipedia:Multiple Accounts and have legitimate publicly declared alt accounts, allowed secret alternate accounts, clean start and sock puppets as different sections within that policy. Anyone object If I rename the page? ϢereSpielChequers 16:29, 15 October 2009 (UTC)
I created Wikipedia:Multiple Accounts as a redirect to Wikipedia:Sock puppetry#Legitimate uses of alternate accounts. Thanks for the idea. davidwr/(talk)/(contribs)/(e-mail) 03:15, 19 October 2009 (UTC)
Thanks but I'm not sure that works. To make sense, Multiple accounts should include sockpuppetry as that is the abuse of multiple accounts. Sockpuppetry however should not include legitimate alternate accounts as they are not sockpuppets. Does anyone object If I rename the policy Wikipedia:Multiple Accounts and make wp:Sock_puppetry a redirect to the section on sockpuppetry? ϢereSpielChequers 16:41, 19 October 2009 (UTC)
No objection in principle, but you'll need to clean up/rearrange the article because sockpuppetry is discussed throughout. Right now the overall tone of the article matches the "sockpuppetry" title. The tone and theme should match the main title. davidwr/(talk)/(contribs)/(e-mail) 13:55, 20 October 2009 (UTC)
  • I think this is a good idea, just on the basis of logic. Many of us have confused the two issues momentarily. No account begins as a sock; it becomes a sock as soon as it is used for illegitimate purposes. Two accounts are an essential part of the definition of "sock". Tony (talk) 14:12, 20 October 2009 (UTC)
  • My concern about doing this is in case the thrust of the page ends up being watered down. Some editors on this page, for example, want to remove that second accounts should be sent to ArbCom or checkusers, something that's been regarded as good advice for a long time. I'm becoming concerned that a very small number of accounts are changing the spirit of a long-standing policy. If we change the title of the page to emphasize the legitimate uses, with the sock aspects being discussed in a "oh and by the way" section, we're giving the impression that alternate accounts are more acceptable than they are. The default position is still one editor = one account. I'm wondering if it's worth opening this up to the wider community at some point. SlimVirgin talk|contribs 00:56, 21 October 2009 (UTC)
Good point, and yes if its renamed Sockpuppetry needs to be the prominent section. I suspect however that the difference between abusive sockpuppet and sockpuppet has been forgotten, ϢereSpielChequers 13:51, 29 October 2009 (UTC)
I don't think they are separate issues. The primary issues with sock puppetry are creating undue influence in debates, and the avoiding of scrutiny. Block/ban evasion falls under avoiding scrutiny. Chillum 13:53, 29 October 2009 (UTC)
Five years ago this page defined a sockpuppet as "an additional username used by a Wikipedian who posts under more than one name." and abusive sockpuppetry was a subset of this page. Since then the jargon has evolved, and most users now only use the word sockpuppet for abusive alternate accounts, though the page still has relics of the earlier meaning such as WP:SOCK#LEGIT. Hence my suggestion that we rename the page to reflect current use of the term. ϢereSpielChequers 14:18, 29 October 2009 (UTC)
It shows what is sock puppetry and what is not sock puppetry. I agree any sort of rewording that makes it more clear that a legitimate alternate account is not a "sock" is a great idea, but the policy is about sock puppetry. I think rewording rather than renaming will clarify things better. Chillum 14:22, 29 October 2009 (UTC)
The policy is about multiple accounts, by far the largest section is about abusive sockpuppets, but the section Legitimate uses of alternate accounts is policy as well. When people used Sock puppet as jargon for all alternate accounts that made sense - though I don't know if former accounts were ever considered sock puppets, and this is where Cleanstart is written up. I think that renaming would make the whole thing clearer. ϢereSpielChequers 09:06, 30 October 2009 (UTC)

Disclosure

We recently lost Editors who use more than one account are advised to provide links between them on the user pages (see below), or disclose the accounts privately to the Arbitration Committee (arbcom-l lists.wikimedia.org) or functionaries mailing list (functionaries-en lists.wikimedia.org) to avoid them being identified as sock puppets. Does anyone object to my restoring that? apart from the fact that I recently disclosed an alt account to arbcom, I think that anything that encourages people to declare alt accounts is a good thing, and can resolve concerns if you go to the talkpage of a highly experienced new users and see that they are a declared alt account. ϢereSpielChequers 16:23, 15 October 2009 (UTC)

I have no objection in principle, but ask arbcom for input. They may prefer a different recipient for such disclosures, such as a checkuser or a particular arbcom-related mailing address. —Preceding unsigned comment added by Davidwr (talkcontribs) 23:06, 15 October 2009
  • I object.

I put back the first sentence, referring to open disclosure. Removing that was by mistake. I removed the private disclosure part from below [3] as bad advice.

Reasons why the private disclosure instruction doesn't belong include:

  • Receiving such disclosures is beyond the arbs' scope, and we should not be expanding their roles from here.
  • The arbs are explicitly not agents of the WikiMedia Foundation, and are not tied to the WikiMedia privacy policy. If you have a privacy concern, it would be foolish to disclose to a group without a privacy policy.
  • The mechanism of disclosure, by email, is not secure. It is not hard to eavedrop on all such emails.
  • The logic of the advice is missing? If you are not abusive, you will not be detected, and certainly not be publicly revealed by the CUs, who abide by a strict and defined privacy policy. If you are abusive, prior disclosure won't, and shouldn't, offer protection. --SmokeyJoe (talk) 23:34, 15 October 2009 (UTC)
  • There are times when private disclosure should be done. If you use a single purpose account to edit controversial material, sooner or later it could get you called on the carpet. If a functionary knew ahead of time what was going on, and they told checkusers when asked, it would save a lot of work and possibly avoid being blocked indefinately for being a disruptive user. Example: User edits Palestine-related articles somewhat disruptively but not breaking any hard rules to the tune of 100 edits a month. He gets sent to arbcom and he's banned from the project as being disruptive. A checkuser reveals another account with 1000 quality edits a month, but it is summarily blocked indefinitely as a sockpuppet of the banned account. If this information was available in advance, the initial penalty would've been much lighter: Probably "user X is limited to 1 account and is topic-banned from Palestine-related articles."
  • Another time is if an editor is editing in an area where his very life would be in danger if the accounts were linked. If arbcom knows "user X is a sock of user Y, but it cannot be linked due to the fact that he could be arrested by his dictator's henchmen" they will be more likely to go out of the way to erase such linkage from edits and log entries, should the person ever be outed. davidwr/(talk)/(contribs)/(e-mail) 00:03, 16 October 2009 (UTC)
  • If you won’t publicly disclose, and I agree reasons exist, private disclosure might be a good idea (not entirely convinced, or opposed). That is not my problem. My problem is advising people to email a defined address, with recipients who are not tied to the WikiMedia privacy policy. Private disclosure needs to be secure, and to the CUs no less, CUs who are tasked with this sort of thing, with appropriate policies in place. I have made this point several times, and been agreed with. However, SlimVirgin repeatedly reinserted the instruction to email the arbs or functionaries, without engaging in this discussion. --SmokeyJoe (talk) 00:26, 16 October 2009 (UTC)
Arbitrators, checkusers, oversighters, Foundation employees, members of the AUSC, and former arbitrators make up the Functionaries mailing list, and all of us are bound by the WMF privacy policy. The process of emailing the Arbitration Committee for non-public disclosure of alternate accounts has been in place for several years, and is nothing new. As to email security, that is more a matter of the sender using a secure email system, not the recipient. Alternatively, one can go to User:Arbitration Committee and use "email this user", which goes directly to the Arbitration Committee's mailing list. Risker (talk) 03:53, 16 October 2009 (UTC)
While I suspect that this is true in practice, I do not see it as watertight. Where Wikipedia:Arbitration Committee says "Arbitrators are neither Wikimedia Foundation employees or agents, nor Wikipedia executives. They are volunteer users" I read a disclaimer saying that a failure on the part of an arbiter is not the responsibility of the Wikimedia Foundation. If arbiters and former arbiters are bound by the WMF privacy policy, then can you please verify that. I note that arbiters are not even required to identify themselves to WMF. It is beside the point that this year all members have done so. --SmokeyJoe (talk) 04:09, 16 October 2009 (UTC)
Making contact through https://secure.wikimedia.org/wikipedia/en/wiki/Special:EmailUser/Arbitration_Committee is probably reasonble. Asking someone from a Chinese university to email arbcom-l lists.wikimedia.org is not reasonable. --SmokeyJoe (talk) 04:16, 16 October 2009 (UTC)
I accept that users in China are in a different position, but notifying Arbcom seems a perfectly sensible route for editors who "create a new account to experience how the community functions for new users" such as in User:WereSpielChequers/Newbie treatment - I created an alt account for this a few days ago and notified Arbcom of it. They told me they preferred participating accounts to be notified to them, even if they are going to be revealed at the end of the experiment. So I suggest that notifying Arbcom option be restored as an option. ϢereSpielChequers 02:07, 17 October 2009 (UTC)
Will you accept that the notification be recommended to be done by the more secure method detailed above? Or at least provide information on the more secure method, noting that while many notifications, such as yours, are probably not really that sensitive, some may be?
I also don't understand the resistance to switching the party to disclose to from arbs to CUs. Multi-account abuse is the purview of the checkusers, not the arbs, and from many accounts the arbs are already plenty busy enough without giving them checkuser jobs. And with such large overlap between arbs and CUs, I'm sure the arbs will be collectively informed whenever there is a reason to. --SmokeyJoe (talk) 08:56, 17 October 2009 (UTC)

SlimVirgin yet again put the bad advice back again, amongst a flurry of edits, suggesting that it had been lost. No, I removed it because it is bad advice. Supervising all alternate accounts is not the role of the arbs, or of the functionaries, but of the checkusers, and policy advice must not invite the insecure release of sensitive information. I think the recipient of sensitive disclosures needs to be defined, and a suitable method of disclosure defined. --SmokeyJoe (talk) 06:57, 20 October 2009 (UTC)

I actually don't have a view as to whether it should be an Arbcom or Checkuser mailing list, but I'm happy to be guided by the people running that list. I recently declared an account to Arbcom as part of the project User:WereSpielChequers/Newbie treatment, and asked whether they wanted such accounts declared to them as they would only briefly be secret. They said they did, so I have put advice prominently in that project to declare all accounts created for that project to Arbcom. If they tell me to shift to notifying a checkuser mailing list I will do so. However I do not think that this policy should advise notification to one individual, as in my view that is just asking for trouble. Not only is there a single point failure, but an opportunity to game the system if you notify someone known to be on wikibreak etc. ϢereSpielChequers 14:45, 29 October 2009 (UTC)

Balancing technical and behavioural evidence of socking

Dear colleagues,

Since the effectiveness of our ability to technically identify sock puppetry currently lies at the heart of enforcing this policy, and because I've seen a general belief expressed from time to time that ultimately the smart sock master can evade technical investigation, I wonder whether someone could list the methods of such evasion. Are any of these methods emergent?

The point of posing this question is that I suspect the enforcers will never win the arms race, and that it might be worth considering a shift in SPI towards greater admissibility of behavioural evidence where technical investigation fails to nail what is highly likely to be an instance of sock puppetry. My experience tells me that there can be a critical mass of behavioural evidence that individually may not be enough to conclude "likely" or "highly likely", but that together would be.

I ask here rather than at WT:SPI because it would be useful to have broader input, and because I don't want to take up the time of our hard-pressed CUs and patrolling admins, who work hard to investigate possible SPs. Tony (talk) 06:23, 16 October 2009 (UTC)

I suspect that Tony is right, and that talk of disclosure (disclose or else what?) is a waste of time. How many times has someones disclosure had any purpose? The abusers won't disclose, and can easily work out how to avoid detection, and those who disclose wouldn't have abused anyway. --SmokeyJoe (talk) 07:01, 16 October 2009 (UTC)
WP:BEANS. A public discussion of ways to avoid detection would be counterproductive. But I agree that behavioral evidence is often better than technical, especially since the behavior which was the usually problem in the first place.
I disagree with SmokeyJoe's point. There seem to be situations where people Aren't sure what to do and having a procedure is a way of showing the right and wrong way. My concern is more what we'd do with the information. Should CU to whom the the disclosure is made review the accounts' edits to make sure that there isn't a current violation? Review them occasionally to make sure they are being used properly? If someone suspects a socks puppet and presents an RFCU then what should the checkuser say? "You were right" or "I can't confirm or deny that the accounts are linked, but there is no abuse"? If a functionary sees someone run for RFA or other position of trust, and knows they have alternate accounts one of which got a short block, must they say something? I don't think we've thought through how this information would be used.   Will Beback  talk  07:39, 16 October 2009 (UTC)
I think you only disagree with a digression. My main point is just that if private disclosure is to be recommended, it should be recommended that disclosure be made via a secure method, and under cover of a defined privacy policy (as already exists, explicitly, for the checkusers, here). Do you disagree with this main point? --SmokeyJoe (talk) 10:06, 16 October 2009 (UTC)
I agree that there should be a privacy policy and a secure method for communicating the disclosure.   Will Beback  talk  10:33, 16 October 2009 (UTC)
I have a case right now in which there is a vanishingly small likelihood that sock puppetry is not involved (the interface of many types of behavioural and circumstantial patterning), but where a technical investigation has been unable to produce a connection between the two accounts. Naturally, I can't disclose this publicly here, but you may empathise with the frustration. Tony (talk) 07:50, 16 October 2009 (UTC)
Speaking as an SPI clerk, I can safely say that at least 75% of all cases are decided purely on behavioral evidence, and technical evidence is not brought into play. It all really depends on the quality of the behavioral evidence and what the patrolling administrator feels is enough to make the block. Tony, I would encourage you to create a normal SPI case; I would be happy to look over it for you and make sure that any discussion stays on topic regarding the evidence and not about the accusation itself. NW (Talk) 15:59, 16 October 2009 (UTC)
NW, thank you very much for your post; I will arrange for this soon. Tony (talk) 09:03, 17 October 2009 (UTC)

Request for clarification

Under "Inappropriate use ...", it says, inter alia:

*Administrator sock puppets: Editors must not operate more than one administrator account (excluding bots with administrator privileges). If an administrator leaves, comes back under a new name and is nominated for adminship, they must give up the admin access of their old account. Candidates for adminship should normally disclose any past accounts they have used, because adminship reflects the community's trust in an individual, not only in an account. Administrators who fail to disclose past accounts, or are found to have used a second account in violation of this policy, risk being desysopped.

The underlined portion of text is the point of this posting. It does look as though, to be true to this policy requirement, RfA candidates should be asked as a fourth standard question whether they have used any past accounts. If this is the case, someone should inform the crats who run the RfA process, do people think?

The last sentence does look as though all admins need to disclose (on their talk page?) their past accounts ... like, immediately. Is this the case? If so, perhaps it should be made known widely? Tony (talk) 15:25, 16 October 2009 (UTC)

Whether or not past administrators should or must disclose past accounts should be discussed at WT:RFA. Please consider asking your question there. The text here should reflect whatever consensus develops there. davidwr/(talk)/(contribs)/(e-mail) 19:50, 16 October 2009 (UTC)
I think this is a fairly new addition which renders the whole policy ambiguous and flawed as it contradicts the longstanding clean start section. I suggest it be reverted to what it was a few weeks ago so that clean start still applies. If the RFA crowd want to change the cleanstart policy for new admin candidates the place to do so is surely here not at RFA. If anyone wants to retrospectively change the policy for all admins then RFA is definitely not the place to consider it. ϢereSpielChequers 01:39, 17 October 2009 (UTC)
I want alt-account policy to be as strict as possible. Yes, it should all be discussed here, but the current text does raise problems, as you say, and need to be discussed urgently. I'll alert RfA talk. Tony (talk) 01:52, 17 October 2009 (UTC)
I think we have an element of barn door closing going on in the community at present, and there is a risk of forgetting that the reason why barns have doors is that sometimes they need to be open. I'm not sure if there've been incidents where candidates legitimately exercised cleanstart, subsequently went through adminship and we had cause to regret it. Though there have been some recent cases that remind us why wp:CLEANSTART says "This is permitted only if there are no bans or blocks in place against your old account". ϢereSpielChequers 02:27, 17 October 2009 (UTC)
Why not replace should normally with usually and then swap or with and in the last sentence? I know it changes the meaning (quite) a bit, but it does keep the wording within the letter and spirit, and avoids all those nasty confusing barn door metaphors. ~ Amory (utc) 02:58, 17 October 2009 (UTC)

I'm not intimately familiar with all parts of Wikipedia policy, but my impression has long been that this whole style of telling editors what they "should" do is not usually how Wikipedia operates. For one problem with the standard here, how would it ever be applied? "Should normally" or "should usually" are as far as I can see both just about useless, unless there is a clear standard for what are or aren't normal or usual circumstances. Come to think of it, I suggest anyone check out void for vagueness (a much better summary of the reasoning is here)for some of the problems associated with wording prohibitions in such vague terms (this is an issue with Wikipedia policy generally, but I'd suggest one that worsens when you attempt to harden the perceived requirements on these pages). I agree with davidwr that this should be discussed where the RfA questions are set, just as long as we continue to stick here to describing those standards and not to creating vaguely-defined admonitions that could or could not apply in any situation. Mackan79 (talk) 05:47, 17 October 2009 (UTC)

(Full disclosure: I think I'm going to go try and clear up void for vagueness, if anyone cares). Mackan79 (talk) 06:32, 17 October 2009 (UTC)

  • Not vague at all, as currently worded. The implications are as I've outlined at the top of this section. I'm quite happy with them, since WP has to get a grip on this practice, which is too easy to abuse (even if most people don't abuse it). It is eroding the fabric of trust in the community. I started this section to determine how RfA and the crats and admins are to be informed of the policy. Tony (talk) 08:02, 17 October 2009 (UTC)
    • The ambiguity comes with the comparison to cleanstart below it "If you decide to make a fresh start, and do not wish to be connected to a previous account, you can simply discontinue using the old account(s), and create a new one that becomes the only account you use." So Cleanstart does not currently rule out becoming an admin. The newish sentence at the top would. As for eroding the trust in the community, when have we last seen someone legitimately use clean start and subsequently lose the trust of the community? ϢereSpielChequers 08:33, 17 October 2009 (UTC)

The relatively recent RFA, Wikipedia:Requests for adminship/A new name 2008, comes to mind here. In that case, a user running for adminship disclosed that they had a previous account, but refused to publicly identify it; however, they were prepared to identify it privately to functionaries to verify that it had not been used improperly. In that case, the RFA failed (partly due to events beyond the candidates' control), but with a comparatively high level of support and many people, myself included, felt it was acceptable. Would this new policy forbid such an approach? I agree that we do not want sock puppets running for adminship, and that admin candidates should be obliged to disclose their prior history; but I'm not sure they should have to do so publicly. I think admin candidates should be able to have any prior accounts privately verified by trusted users, as happened in this case. We don't want adminsocks, but we don't want to drive away potential admins for fear of privacy-violating information being revealed either. Robofish (talk) 13:24, 17 October 2009 (UTC)

I think I agree with everything Robofish said. There's a need to build into the SP policy text the privacy option for disclosure. Tony (talk) 13:27, 17 October 2009 (UTC)
Even if consensus did form to require admins to report their prior accounts, and no such consensus has formed(and I oppose the idea), it certainly cannot be retroactively applied to existing admins. When I became an admin I did so with the expectation of privacy and revealing other accounts that contain person information about myself was not part of the deal. You can't tell someone for 3 years that they can use alternate accounts to safe guard their privacy and then change your mind after the fact and ask them to expose this private information. If anyone expects that all admins must reveal their past accounts ... like, immediately... then don't hold your breath. Chillum 15:30, 17 October 2009 (UTC)

The quoted text is ambiguous. Do admins need to disclose all accounts, or just all alternate admin accounts? And when does this disclosure need to happen, before RfA or during RfA or after RfA? At the moment someone is asking all candidates about existing alternate accounts, and about alternate accounts that might be created in future. I'm not sure what your proposal will stopp. Non-abusive admins running more than one admin accounts will lose one account when they declare them both. Abusive admins with more than one admin accounts will keep them both and not declare either. NotAnIP83:149:66:11 (talk) 15:54, 17 October 2009 (UTC)

I'm not proposing anything at the moment; merely pointing out the possible ramifications of the current text in this policy. I should say that I've never edited WP:SOCKPUPPET, except for a small amount of trivial copy-editing some time ago. Tony (talk) 16:17, 17 October 2009 (UTC)

My concern with vagueness has to do with phrases like "should usually" and "should normally." "Usually" and "normally" are both non-standards. "Should" is ambiguous as to whether the described action is a requirement or always just aspirational (this is problematic in either case, since sometimes it should be considered a requirement, as when there are sanctions, and sometimes it is not reasonably expected at all). The point is our goal here should be to clarify policy, not just to hand out megaphones for people to shout into when one of these situations comes up. One problem in particular I have in mind is that a person should never be required to establish that their privacy is a legitimate concern; whatever is made policy, it can't require that (and indeed should not be evaluating specific needs at all). This is nevertheless the type of thing that's encouraged by language like "should normally," and indeed the most likely way it will be applied. Mackan79 (talk) 22:39, 17 October 2009 (UTC)

The last 3 times the issue has come up that I know of in the context of RFA (I give sketchy details at Wikipedia_talk:Requests_for_adminship#Undisclosed_multiple_accounts_and_RFA), I was comfortable with what people were saying about why they had to abandon and not publicly disclose accounts they had used previously, and if those accounts had been vetted (they weren't) by a trusted third party who understood what the RFA voters were looking for, I would have supported in each case. - Dank (push to talk) 03:25, 18 October 2009 (UTC)
I'm pretty sure we all know the reason that I started to ask my question about alternate accounts. I feel the phrasing is a positive way to ask the question, and indeed, I feel it remains a valid question whether admin candidates must provide the information or should provide it. How they answer might show a lack of policy knowledge, or they may answer it in such a way that you say "wow, well said!". (talk→ BWilkins ←track) 09:18, 18 October 2009 (UTC)

Check User all admins and admin candidates

I know this has been suggested before, but why not CU all admins, and admin candidates? I think that we would benefit from a process where CU results are disclosed first through email to the Admin/candidate, and that individual is then given a chance to explain/dispute the results. Personally, I know for a fact that there are at least two other user names out their which could appear to be sockpuppets of me. One of them was simply another person editing from my old office, while a second account was in fact from my house, but was a friend making fun of me for being a little too obsessed with Wikipedia at the time. Neither is a sock, nor even active, but both of them are known to me and would be accounts that I would disclose knowledge of if asked by a CU because I think they lend the appearance of at least having multiple accounts. Anyone who edits from a shared IP, or even a shared computer is going to have the same type of white noise linked to their account, and a robust CU process for existing and aspiring admins is a good way to sort the wheat from the chaff. Likewise, I'm sure that many admins maintain alternate accounts simply for the sake of editing in peace and quiet on a favored subject. I have never done this, but I would consider it to be a very reasonable way for admins who are either overworked, or often involved in heated areas, to prevent burn out. Likewise, a robust CU would be a good way for the admin/candidate to get a clear picture of what could be lurking in their closet, and knowing that this information is not hidden from at least the CU portion of the community would be a smart way to encourage everyone to stay on the straight and narrow. Think of it like a drug test for athletes. Hiberniantears (talk) 16:29, 17 October 2009 (UTC)

One further thought to my own: All admins should definitely undergo a CU to verify that they are not in control of multiple admin accounts. We do need to have some reliable faith in our total number of humans with admin rights. Hiberniantears (talk) 16:35, 17 October 2009 (UTC)
We've been through this before. This is clearly "fishing" and is not appropriate use of checkuser; it's also an extremely inefficient method of trying to find alternate accounts. It is trivially easy to avoid having an alternate account show up on checkuser, so a clean check simply means that there is no technical link between the checked account and other accounts. More importantly, it results in the invasion of privacy of potentially hundreds of editors. Checkusering all admins and all admin candidates is not going to happen. Remember that the primary purpose of checkuser is to address disruption within the encyclopedia. Applying for adminship is not normally disruptive. Being an admin is not normally disruptive. Hiberniantears, if your good faith is going to be irreparably harmed by one bad apple (there has only been one case of someone having two admin accounts, and it would not have shown up on checkuser), then there is a different problem here, and it's not going to be solved by checkusering hundreds of good users. Risker (talk) 16:49, 17 October 2009 (UTC)
Very well, but my suggestion is considerably more expansive than that... Establish a process that involves the use of CU, but which is unique from the traditional application of CU, and which is also more private. Those of us who currently have the mop would obviously need to be handled differently since it is entirely reasonable for people to oppose this on the grounds that they didn't sign up for such treatment 3, 4, or more years ago. I've been editing since early 2005, and an admin since 2007, and I like to think that I behaved myself in that time. I would be happy to undergo a CU specifically because I have nothing to hide. This is not fishing, which is a misguided attempt to CU a bunch of accounts for the sake of a witch hunt. Rather, this is a background check, albeit a retroactive one which would go a long way toward augmenting the community's faith in the admin corps. I commented on the RfA talk page today about the ever present "RfA is broken" debate. The debate is a reasonable one because RfA is an inherently flawed process that relies more on popularity than credibility and integrity. It would behoove us to move toward some type of mechanism which effectively allows for the admin corps to be properly vetted while still protecting our privacy. Hiberniantears (talk) 17:02, 17 October 2009 (UTC)
The community's inability to assume good faith because (a year after either account had edited) it was discovered that one user had two admin accounts is not going to be fixed by checkusering people for no good reason. Checkuser is to address disruption. It cannot prove innocence and does not necessarily show guilt, either. All that would result from this is increasing paranoia and would change the primary behavioural assumptions on which this project is built. It would be more effective to insist that all editors must use their real names when editing than to checkuser everybody; however, that is in opposition to the fundamental tenets of the project. Risker (talk) 17:13, 17 October 2009 (UTC)
Just to be clear, I think we're talking past each other at the moment. I fully agree with what you're saying. However, what you're saying is not what I am talking about. I'm talking about developing a new tool, with a new framework. I am not dicatating the requisite components of this tool, except to say that privacy concerns need to be addressed. I am also not motivated by any one specific case. More importantly, we have had far more than one admin go bad. In some of those cases, a more robust but private inquest into an admin's background would have prevented the problems in the first place. This is also not a silver bullet for preventing abuse, but simply one tool (just as admins have more than one tool to do our jobs) in a larger workshop. Wikipedia does have a legitimacy problem. Our legitimacy problem does undermine our credibility. One facet of this legitimacy problem is based on public awareness of failings by members of Wikipedia's hierarchy who turn out to be something other than what they claim to be; in most cases something significantly less than what they claim to be. We don't, as a community, deal with this very well because we rely far to heavily on total anonymity except when someone does something so obviously eggregious for all to see. Anonymous users and honest behavior are not contrary to each other. Hiberniantears (talk) 17:29, 17 October 2009 (UTC)
What do you mean, a new tool? Seriously, there isn't any technologically available tool that will reliably link all edits by a single person together regardless of account. There are far too many variables in individual users, and far too many ISPs and IPs that are so dynamic that checking even a small range will show up the information of dozens or even hundreds of editors. As I sit here right now, I can be logged into three different ISPs from three different computers all within my reach, and there's no way that anyone could link those edits together technologically. ¶ Frankly, nobody outside of a subset of our own small community and a few interested gossips cares whether Editor #1 is also Admin #2 and Editor #3. What they care about is whether or not our content is any good. Do you really think that people stopped looking up Sodium chloride because RickK turned out to also be Zoe? or that people stopped improving Michael Jackson because an admin was running abusive socks? Please, let's get serious here. Our reputation outside of the project is almost entirely based on our content, and the only time that adminship was an issue outside of the project was because an admin deliberately misled a journalist about his personal background. What you are proposing here is a personnel management system, one based on inherent distrust of anyone who is interested in becoming or continuing to be an administrator, by using a tool that is not able to provide exonerating information. Risker (talk) 18:05, 17 October 2009 (UTC)
You're right. I'll go jump off a cliff for bothering to think conceptually. Flight wasn't technologically capable once, but we got past that limitation with a little deep thought. Heck, open and free encyclopedia's weren't even free until Wikipedia popped into the mainstream, and just because we can't do something now, or haven't bothered to think about how to do something now, doesn't mean we should be so dismissive toward anyone who bothers to think about possible solutions. That you are so ready to judge the possible as impossible through such a narrow focus as the RickK situation is troubling given your position of respect here, as well as your own open identity. Frankly, I would never be so open with my identity here as you are, and I value my privacy. That doesn't mean that I would be unwilling to undergo a process in private that seeks to more accurately account for whether or not I am legitimate. My career focuses on developing a product that requires a considerable amount of quality assurance at all points in the development process. Inevitably, things get through. However, it is imperative that when this happens we have a well devised and organic QA process which can be pointed to as evidence to a committment to quality. Sodium chloride or Michale Jackson are good articles in spite of our failings because they are popular topics in American English, with a high volume of available and credible sources, as well as a critical mass of knowledgeable and objective editors to keep watch on things. We don't have that in most places here, and this is often where the credibility of admins comes into play. Hiberniantears (talk) 18:28, 17 October 2009 (UTC)
Hiberniantears, probably the reason I react strongly and quickly to such ideas as "let's checkuser all the admins" is because this question is asked and answered so often; there's probably a similar thread on this page right now, and I routinely hear it at least once a month on one page or another. It is not a suitable tool for vetting admin candidates because it is not designed or intended to provide the answer to the question "is editor #1 operating other accounts?". Checkuser is designed to assist in determining if Account A is technically comparable to Account B; this is often difficult or even pointless unless one has both an Account A and an Account B to compare in the first place. The "weaknesses" in checkuser are not related to checkuser, but to the manner in which various ISPs throughout the world operate. There are some countries that have only a handful of IP addresses; Qatar and Singapore come to mind. There are other countries where ISPs have enormous dynamic pools of IPs to the point that checking even a single IP can pull up dozens, even hundreds of unique editors. ¶ For the past ten months, Hiberniantears, I have lived with nearly daily bad-faith accusations about almost anything I do or don't do with respect to Wikipedia, ranging from abusing oversight and suppression through poorly thought out reasoning for decision-making, to failure to include full personal details ("she must be hiding something if she won't reveal her full name and precise location!") and threats to my real-world personal and professional life. It is exhausting, and the similar experiences of prior arbitrators have significantly contributed to an over 80% resignation rate. The sad part of this is that the majority of this bad faith comes from within the project; nobody outside of the project, with the exception of banned users, questions my good faith or ability to carry out the responsibilities I have accepted. The same is true for administrators. What you're proposing is to extend the general atmosphere of distrust and bad faith that arbitrators are exposed to on a daily basis down to the administrative corps; the reasonably predictable result will be that administrators will be resigning in droves as well, once they're assumed to be acting in bad faith. There's no problem with removing permissions from administrators who are using them inappropriately or whose general editorial behaviour is inconsistent with continuing in the role; take a look at how many admins have been desysopped this year. Consider that there are considerably fewer successful candidacies for adminship (in both numbers and percentage of successful candidacies) than ever before. Consider that individual administrators do not have sufficient ability to seriously damage the content of the project; at worst, a poorly made decision can (and should) be easily reversed. Bad decision-making skills, inappropriate editorial behaviour, and abuse of administrator tools do not correlate in any way with checkuser results. As I say below, if you are after developing a quality improvement system for administrators, there are several other pages where this discussion is better suited. WP:SOCK isn't relevant at all to what you're discussing. Risker (talk) 20:39, 17 October 2009 (UTC)
Risker, please understand that I've been an admin longer than you have, and that much of my admin work and admin thinking has been focused on countering vandalism, and sockpuppetry. I don't say this because I think I'm smarter or better than you. I say this because you are speaking to me as if I'm ignorant of basic admin skills and duties. I'm not some naive rube tossing out an ill-considered concept here. AGF is a great idea, but we have to be mindful of applying the concept properly. For example, if a new editor makes what appears to be a bone headed edit, we should assume good faith that this editor is not actually a bone head, but rather a new editor who may benefit and appreciate some kindly advice. Credible editors who are serious candidates for the mop, on the other hand, should not have AGF applied to them carte blanche. Subtle "vandalism" in the form of long term collusion and tendentious editing is very much alive within the admin corps as it is anywhere else. See Piotrus for example. CU would not have uncovered this (as far as we know), but I would argue that he should have been CU'd by now for his behavior and involvement with a sock-heavy group. For the rest of us, we should be treated as if applying for a job. Potential employers don't assume good faith; they ask you to sign a statement indicating if you have or have not been found guilty of a crime. This is a volunteer project, of course, but CU is a valid tool, which while not definitive by any far stretch is still highly valuable. It is one tool, and this one tool will be helpful in identifying potential problems, as it always has. I have personally blocked numerous (or arguably not so numerous) individuals based on CU results. Davidwr does a fine job below of explaining other elements of a working framework into which CU could be employed. That you don't see a problem with socking admins, or individuals controlling multiple admin accounts is deeply troubling. Wikipedia will not be a well respected source of information until it has a reliable source of monitoring the behavior of people like you and I. We currently don't, and we have had plenty of situations where unquestioned members of the hierarchy have turned out to be nutcases who embarrased the project and tarnished our credibility. Again, your only thinking of what CU has been, and if anyone here is afraid to be CU'd, I ask what it is exactly they're hiding? Esspecially if the CU results are private. Hiberniantears (talk) 21:40, 17 October 2009 (UTC)
I do have a problem with individuals who control multiple admin accounts, and would desysop them in a second; I've written more than one desysop motion myself, and would do so in such a case, so please don't put words in my mouth. Not wanting to do mainly useless checkusers on thousands of editors has nothing to do with that. But to put it bluntly, I do not have a problem with administrators using alternative accounts within the accepted parameters of the project. Several administrators (some of whom edit under their own names) have assumed alternate accounts to deal with highly problematic articles in areas such as sexual paraphilias that would cause them considerable problem if they were associated with their usual accounts; this is a valid use of an alternative account, and is of active assistance in improving the project in subject areas that most other editors won't touch. Several administrators have obvious but not directly linked alternative accounts. Others who edit under a pseudonym have created an alternative account in their real name, not to edit but to protect it from the various vandals who take pleasure in wreaking havoc to the real lives of editors. Others yet again do their genuine editing under one account, with only their administrative actions linked to their admin account, or don't log in for anything other than admin actions. None of these things is against the current policy. Even if such actions were discovered on checkuser, there is no policy violation and no disruption to the project. I categorically reject your contention that the reputation of the project rests on whether or not administrators have alternative accounts, and put it to you that such a contention requires proof, from external sources, that it is even commented upon let alone considered a major reputational issue. I will put to you that I can speak with a fair degree of authority on the reasonable and unreasonable expectations associated with the checkuser tool, having done a fair number of checks in the past 10 months, and having learned its strengths and weaknesses. ¶ A few months ago, I was in a position where I couldn't get secure computer access, but was able to make arrangements to access a computer to do some nice casual wikignoming type editing. Within half an hour and about 40 edits, more than 30% of my grammar and spelling corrections had been reverted, and there were already 3 warnings on the talk page. One of those came from an admin, but the rest of them came from ordinary editors doing recent changes patrols with certain well-known tools. It is this kind of behaviour that creates a bad reputation for the project - and the problematic, chilling behaviour was in no way confined to administrators. ¶ Now, perhaps this discussion about reform of the administrator selection process can be moved to a page that actually deals with administrator selection rather than one that deals with only one small aspect of administrator selection. I can think of at least five other places where this discussion would be better suited. What say you? Risker (talk) 22:27, 17 October 2009 (UTC)
Well, we disagree, but probably not as funadamentally as you think. I'm not entirely convinced you fully understood what I'm talking about, and that is probably my fault for starting the thread off with too general a theme. On a slightly different note, and entirely out of my own curiosity, could you provide the difs to those 40 or so edits you made that triggered reverts and template warnings? I fully agree that trigger happy template warnings and IP/new user reversions are one of our greatest issues, so I would like to get a look at what type of edits you were making to encounter this issue. Hiberniantears (talk) 15:13, 18 October 2009 (UTC)
  • Generally opposed. As we have discovered, CU catches only those who it detects so just because someone was CU'd doesn't mean they haven't found a way around the protocol. Also what is to prevent them from starting an alt account after they go through a CU process? Or will there be random screenings through the year? -- Banjeboi 17:42, 17 October 2009 (UTC)
We can remove the CU component from this thread if we're all getting caught up on it. A poor choice on my part to lead off with it, but could we focus on my larger idea of developing at least a conceptual process for better vetting admins? Again, I don't know what would work best, but I think we would be well served to throw some ideas around and see if anything sticks. Hiberniantears (talk) 17:47, 17 October 2009 (UTC)
Well, if your purpose here is to discuss a way to better vet admins, you're on the wrong page. Propose you move this entire section to WT:RFAR. Risker (talk) 18:05, 17 October 2009 (UTC)
See my comments above Risker. I don't understand your abruptness in this thread. Again, it appears not to be a major concern to you for reasons specific to your apparent areas of content interest. However, I would expect more expansive thinking from anyone even tangentally associated with the ArbCom. Hiberniantears (talk) 18:28, 17 October 2009 (UTC)
Avoiding use of "check user" hot-button words. I'm not sure what you're trying to suggest? Some mechanism that admin-candidates go through where the IP of their main account is checked against, well, what? And what's to stop USERBOB keeping all edits from account1 on one IP, and all edits from account2 on another, unconnected, IP? Or do all admins confirm their identity through OTRS? NotAnIP83:149:66:11 (talk) 18:51, 17 October 2009 (UTC)
  • WP:AGF I think that we need to strike a balance between WP:assume good faith and protecting the project from harm. For "mere admins" the only real abuse-able power they have that cannot be undone is the power to see or restore-for-others-to-see/screen-capture deleted edits, and even that doesn't extend to WP:OVERSIGHTed edits. Given that, it should be sufficient for admin candidates to
  • 1) privately disclose to any previous accounts that caused trouble "recently," where "recently" is determined by WP:RFA participants: 1 year would clearly be recent, 5 years ago probably would not be, 2) privately disclose any accounts used to make edits "very recently," where "very recently" is some shorter time, and 3) publicly disclose any accounts that caused trouble "very recently," or 4) where arbcom or whoever received the private disclosures in #1/#2 requested a public disclosure. #4 is there for cases where a very significant event happened so long in the past that it was not "very recent," such as being banned from the project for a year.
  • If, for example, WT:RFA consensus set "recent" as 5 years and "very recent" as 2 years, then if I were a troublemaker in another account 18 months ago, I would have to disclose it publicly. If I edited under another account 18 months ago or was a troublemaker 3 years ago, I would have to disclose privately, but may have to disclose publicly if asked to do so. If all my other accounts were abandoned over 5 years ago, even if they were mega-troll/vandal accounts, I would not have to disclose them.
  • A more likely consensus would probably be "very recent" as somewhere in the 2-5 year range and "recent" as somewhere in the 5-15 year range, possibly "forever" seeing as the project is less than 10 years old. At some point, whether that's 5 years or 25 years, we need to allow even the worst troublemakers to make a fresh start. I'm thinking of the hypothetical immature editor who trolled and socked for months on end in 2004, but who left and came back under an unauthorized "fresh start" and in 2009 or 2014 or 2029 wants to run for admin, but can't remember his old account name to disclose it.
  • The definition of "caused trouble" also needs to be hammered out. As a first stab, I would suggest a non-clean block history or being involuntarily at editor review, arbitration, or any notification that you were subject to sanctions or arbcom admonishment would count as "caused trouble."
davidwr/(talk)/(contribs)/(e-mail) 19:58, 17 October 2009 (UTC) updated to clarify/remove self-conflict 23:30, 17 October 2009 (UTC)
Thank you davidwr, this is a well considered response toward my general line of thinking. I would probably fall in line with no bad behavior in two years, with behavior in the past five years coming into consideration only in the most egregious situations. Hiberniantears (talk) 21:40, 17 October 2009 (UTC)
The issue for people with undisclosed accounts is not "what will RFA participants tolerate in the way of old bad behavior" but "what will RFA participants tolerate in the way of undisclosed accounts that may or may not have had bad behavior" and is there any way to "vet" these accounts without public disclosure. In the extreme case, if a Wikipedia editor in China, say, had multiple accounts and one of them was used for activities that he could be arrested for and the other one was known to be him by the government, he could never risk having these tied together. If he were to accept a nomination for adminship, there would need to be some way for someone to say publicly "if this person has other accounts, none of them did anything major in the last 5 years and nothing minor in the last 2." Otherwise, the dissident is faced with a choice: Deliberately deceive all of Wikipedia, which could get him in major trouble later in real life if the connection were ever made public, or decline the nomination. Granted, we probably don't have many Chinese dissidents running for adminship, but there are a host of other legitimate reasons why a person might have multiple accounts, and there may be some people who formerly had multiple accounts that were mis-used who seek adminship after many years of clean editing. davidwr/(talk)/(contribs)/(e-mail) 22:46, 17 October 2009 (UTC)
That's why the sockpuppetry policy as it was a few weeks ago was about right, and reacting to people who broke that policy by changing the policy is counterintuitive and probably counterproductive. On a lighter note I for one would not object to us admins being subject to the occasional random checkuser if that would allay some community suspicions. However I would point out that you are going to get some interesting false positives, I don't know if any of the WiFis at Wikimania connected multiple laptops through a single IP, but I've certainly seen a laptop passed round at a London meetup with multiple wikipedians logging on and off on it. ϢereSpielChequers 00:54, 18 October 2009 (UTC)
In answer to your question, WSP, the answer is that yes, everyone who posts from Wikimania is on the same IP, and this has happened at multiple meetups both formal and informal. I heard tell that, shortly after I left the NYC Wikiconference, the actions of one editor resulted in the university's IP being blocked, triggering a cascade autoblock as there were so many legitimate editors trying to edit through it all. Risker (talk) 01:40, 18 October 2009 (UTC)

I agree with Risker: it is impractical and unwise to enforce a mandatory checking system for admins. There are issues of (i) an overt lack of trust, and (ii) the labour-intensive requirement. This is, in fact, why I started the thread on the policy text overleaf that seems to be requiring such a mandatory system, like drug testing in professional sports. It looked too severe, and it didn't seem to me to have been discussed widely. I am still in favour of a mandatory declaration by RfA candidates that they have never operated alt accounts in breach of this policy; or that they have informed ArbCom functionaries of their alt accounts. That is not an active checking procedure.

We should also be mindful of how much acid is sprayed in arbs' faces for just doing their job well; and that sometimes this applies to admins too. This nastier side of running WP is something that normal editors are usually not aware of. Admins are people we do not want to encumber with mandatory universal testing. But the assumption that the sock policy is being adhered to needs to be made clear and promulgated widely, which is a different matter. Tony (talk) 16:49, 18 October 2009 (UTC)

Is there any way we can make a policy that only administrators should report sockpuppetry?

I find it very absurd that us (peers, kids, or children) should be the "tattletales" on other people's behaviors. Nobody likes tattletales and this is the sole reason why we have administrators. These administrators act in the best interests for us (children). As I look over all the closed sockpuppet investigations, it seems to me that in some cases there are "children" who are reporting it and not the administrators. As an innocent editor, I find this unfair. My childhood days were filled with other kids tattling. Again, nobody likes a tattletale. Let the people in authority report sockpuppetry as they have more experience on what to do. It also prevents unnecessary tattling on innocent editors. Robert9673 (talk) 19:53, 17 October 2009 (UTC)

The problem is that many of the 3+M articles aren't regularly patrolled by administrators, and some of these may have tempest-in-a-teapot sockpuppet activity. I also think you misunderstand the role of administrators, and I think many of us non-admins would not like to be equated with children. By the way, it's not quite true that "nobody likes a tattletale" - if I see someone in a bank bathroom putting on a mask, you bet I'm going to tell the first employee I see, and everyone in the bank including other customers will thank me for it. As an person no longer in elementary school, I hope I have the maturity and presence of mind to know when I should "tattle" and when I should "mind my own business." davidwr/(talk)/(contribs)/(e-mail) 20:10, 17 October 2009 (UTC)
Well, I'm an adult, not a child, and would rather be treated as an adult. I've filed several SPI reports and they've resulted in action being taken. Why should I have to go through a proxy? It would also create a kind of meta level of SPI, where first you take it to an admin SPI noticeboard so they could bring it here. Not a practical idea. Also, admins are editors, and adminship is apparently nothing special. And I know plenty that behave like children :) Verbal chat 20:21, 17 October 2009 (UTC)
I am not talking about the major things like bank robberies. Just minor things that kids do. For instance, let's say we have a user who thought it would be funny if they created multiple accounts. His "peer" reports him for creating multiple accounts. But this user was never officially warned that creating multiple accounts was wrong. This is what I mean that tattling can result in serious consequence for the user. It would be appropriate if the administrator would kindly tell the user that what he was doing was wrong rather than have his peer report him. In this case, the peer simply wanted him to get into trouble. Now back to my original question. How should we prevent non-admins from accusing innocent editors? It makes innocent editors feel differently towards Wikipedia after they were accused without a fair trial. Robert9673 (talk) 20:36, 17 October 2009 (UTC)
Just because you use multiple accounts and your best friend "runs to the authorities" and reports you as a sockpuppeter doesn't mean you are sockpuppeting. But suppose you were. Suppose you are a noob and your best friend said "someone wants do delete our favorite TV show from Wikipedia" and you go home and create 10 accounts and post "keep it" in the resulting AFD. Well, it is possible he will do this before being warned, but the reality is he'll probably get a {{welcome}} message that points to the WP:PILLARS. These include Wikipedia has a code of conduct, which mentions acting in good faith more than once. Deception and !vote-stacking is not acting in good faith. davidwr/(talk)/(contribs)/(e-mail) 22:37, 17 October 2009 (UTC)
The welcome message is not given to every single user. It’s possible they have left a few users out. This unfortunate user will end up as being a banned user and having to wait for one year for him to ask for ArbCom for another chance. The first time was completely injustice as no one warned this user at all. But simply the other user just wanted him into trouble. Are you honestly telling you have never heard of kids when you were young who always wanted to see kids get into trouble?
If we did a policy stating that only administrators can report sockpuppetry, it means we are telling editors to not tattle on other people. But to let the people with authority handle it. If we see a bank robbery and told someone, this is not being a tattletale. A tattletale is someone who tells every single secret he hears even if it's not important for others to know. There is a difference.
I don't see how it will hurt to have this policy. It would only protect innocent editors from being accused of sockpuppetry in the future. Robert9673 (talk) 00:23, 18 October 2009 (UTC)
I think your concerns are a bit overstated. I trust admins and the arbcom to take a "but nobody told me" as a defense at face value until shown otherwise, especially if it's accompanied by an apology and a promise not to do it again. Remember, barring an arbcom sanction, any administrator can unblock. If someone were socking heavily and got not warnings and another editor blocked all the accounts, and I was asked to unblock, I would discuss it with the person, feel the out, and ask myself if they now knew the rules and were likely to follow them in the future. I trust that most admins feel the same way. Oh, of course, I would attempt to get input from the original blocking admin. If he was adamant that the block should stay, I would probably seek a 3rd admin's opinion. davidwr/(talk)/(contribs)/(e-mail) 00:43, 18 October 2009 (UTC)
Most innocent editors aren’t sure of what to do next after they are now a banned user. They are most likely not going to tell anyone since they don’t have a clue on how to bring justice. They will probably just create another account thinking they can evade the ban. And of course this probably won’t work. And the ban becomes extended. I don’t think this is fair. We have so many sockpuppet investigations. Clearly, something is not right.
If we just did the policy, it would protect innocent editors in the future. I am not exaggerating in those examples I told. It could easily relate to another person. Robert9673 (talk) 00:58, 18 October 2009 (UTC)
I don't see how only allowing admins to report suspected socks would help innocent users who don't understand that once you are blocked you aren't allowed to create new accounts to evade the block. Far better would be notes on the talk page by the blocking admin saying how to be {{unblock}}ed. Remember, even if 10,000 people report a sockpuppet, he won't be blocked until an admin reviews the complaints and does the block. If the sock-puppetry requires checkuser intervention, that's more work that happens before the block is placed. Even then, it's not a ban, just a block - any admin can un-do it. davidwr/(talk)/(contribs)/(e-mail) 01:34, 18 October 2009 (UTC)
If we allowed "regular editors" to report sock puppetry, then we will probably most likely have tattletales. If the administrators or "teachers" reported them, we wouldn't have to worry about the inaccuracy of the reporting. It's better to be safe than sorry. Robert9673 (talk) 01:43, 18 October 2009 (UTC)
With less than 2000 active admins, there aren't enough admins for this to be practical across a project of over 3M articles. Given the number of admins we have, the choice between "admins only reporting" and "everyone allowed to report" is analogous to "allowing anyone to call the police" and "requiring a police officer to witness a crime before an arrest is made." Obviously, both extremes have potential problems. Yes, the problems you raise are legitimate. It's just that restricting the privilege to admins not only doesn't solve all of the problems you mention, it introduces additional ones. If you want to eliminate inexperienced and low-intellectual-maturity people from the pool of those who can report sockpuppetry, you would be much better off saying something like "only those with accounts at least 90 days and 1000 edits old" or "only those eligible for WP:ROLLBACK" can ask for an investigation. davidwr/(talk)/(contribs)/(e-mail) 01:51, 18 October 2009 (UTC)
It is not going to introduce additional ones. At least it will prevent innocent editors from being accused of sock puppetry. The current policy doesn't address this. How are we going to solve the issue then if we don't enforce the policy? Is there any way we can reach consensus? I would like to add this in the policy. Robert9673 (talk) 02:49, 18 October 2009 (UTC)
I don't think it's clear what you're getting at with the word "tattletales." Editors here don't generally see themselves as students or political prisoners under oppression. I believe the reason for reporting sockpuppetry is usually that an editor feels they or Wikipedia are being cheated in a way that impedes their own ability to edit reasonably. In the least flattering sense, that's like a player telling the ref he's been fouled, but not like a child "tattling" on another just to get the other child in trouble. Unless you're referring specifically to the case of editors who have completely started over, rather than those who are using multiple accounts? If so this is something you might clarify. Mackan79 (talk) 04:57, 18 October 2009 (UTC)
OK, this is getting long. Let's start over: Please concisely identify what the problem or problems are, concisely state what your proposed solution is, and concisely explain how your proposed solution will solve the problem or problems. Yes, I know I'm asking you to repeat yourself but with bullet-points it will be easier to follow your argument. davidwr/(talk)/(contribs)/(e-mail) 03:13, 18 October 2009 (UTC)
The key points:
  • We have innocent editors being accused of sock puppetry.
  • The only solution is to just have administrators to report sock puppetry. "Regular editors" who report is sometimes inaccurate and can lead to further problems for innocent editors. Their block log will always state that they were accused of sock puppetry.
  • How can we claim to represent the name of Wikipedia if we don’t uphold the most cherished principle? (Assume good faith if you don’t know)
  • We can still fight vandalism. But it takes all of us to do it the right way. Accusing innocent editors will just get them to vandalize to "get back" at us. Robert9673 (talk) 05:07, 18 October 2009 (UTC)
Ah, looking at line #2 I think you have a fundamental misunderstanding of the process: Only administrators can block, and they do not, or rather should not, block without doing their own investigation. When a "mere mortal" "reports" someone for sockpuppetry, they are asking for an investigation, or in cases where it's clear-cut, they are asking any administrator to look at the available evidence and take appropriate action. It is the responsibility of the administrator to read all the available evidence and do his own investigation before taking any action as strong and a block, or rely some other functionary such as a checkuser to do so. As discussed elsewhere, checkusers do more than check IP addresses, they check edit histories and the text of edits as well. If the administrator doesn't do this, that is a problem with the administrator, not with the policies and guidelines. If many administrators are failing to do this, it is a problem with administrator training, not with the policies and guidelines.
Now, as to your issues: Yes, we have innocent editors being accused of sock-puppetry. Most will not be blocked because the administrator will do his job and find that this is not the case. Some will be blocked because the administrator doesn't do his job or doesn't do it well. Some will be blocked because the evidence would convince any reasonable administrator that the person was in fact a sock-puppet. Some of these will result in people leaving the project in frustration, some will result in an appeal at which time new evidence will show the person is not a sock, and the block will be lifted, ideally with a note in the block log that the block was in error and should be disregarded, and some will not be lifted because the editor's new evidence is much weaker than the existing evidence that supports the sock claim. Allowing only administrators to initiate sockpuppet investigations won't eliminate this. It will reduce the number of false blocks, but it won't eliminate them. It will have the side-effect that many real socks that are reported, investigated, and blocked now won't be, to the detriment of the project.
Except for a few people who are either behaving like kids trying to get people into trouble and a few people whose wiki-inexperience leads them to make mistaken sockpuppet investigations, most reports are made in good faith and are, at least on their face, worth an administrator's time to look into.
Summary: Your concerns would be valid if non-admin-initiated sockpuppet reports routinely led to a block. They don't, at least not when admins are doing what they are supposed to do. They do lead to an investigation.
davidwr/(talk)/(contribs)/(e-mail) 13:43, 18 October 2009 (UTC)
I'm sure in that pile of sock puppetry investigation there has got to be a group of users who are evading their ban. And I'm sure their contributions are not detrimental of the project. How do we help these users? These users clearly should never have been banned. Obviously, one of their friends reported them so they didn't have the time to bring justice by asking their administrator for another chance. For them it's too late. Is there any way to let these users off the hook? Maybe we can change the policy by stating that ban-evading users who show good faith edits can resume to editing rather than waiting for an entire year. Robert9673 (talk) 16:05, 18 October 2009 (UTC)
First, a WP:BLOCK is not the same as a WP:BAN. Bans are handed down by the arbitration committee, after an investigation, typically during which time all parties get to present evidence. I doubt a "tattletale victim" who was really repentant would be subject to an arbcom proceeding and arbcom ban. A block becomes a community ban when no administrator will un-block the account. Blocked editors can edit their own talk page and use the {{unblock}} template to initiate a request for unblocking and state their case. They can also use email or, through email, appeal directly to the arbitration committee. In short, we already have mechanisms in place to address the issue of an editor who is blocked undeservedly, or whose block should not result in a community ban. As for those whose actions should result in a community ban but who have come back in "stealth" mode, the official rule is that they are treated as sockpuppets and banned on sight. The de facto rule is "if you don't attract attention to yourself, we won't hunt you down." This pretty much means staying away from the articles and discussion pages your previous account edited in, and not doing anything that attracts scrutiny, like running for administrator. Now, if after a year or two of good editing someone wanted to, say, run for administrator, they would have to fess up to arbcom who they were and beg forgiveness, possibly in a public proceeding. Of course, they take a risk asking for forgiveness: They may find their new account summarily blocked for sock-puppetry pending a discussion. I would hope that the more time since the original block, the less likely the new block would stick. The "expected outcome" would be a block for a couple weeks while the arbitrators discussed the matter, then a "parole" decision basically formally stating that the person must not repeat the mistakes of the past and possibly must stay clear of certain articles or discussions, but is otherwise in good standing. Of course, I'm not on arbcom and I don't know those people well enough to read their minds, so I could be completely wrong.
If your goal is to change policy, present a concrete proposal in a new threat here and see if it is endorsed enough to stick. Bear in mind that this could take months or years and might never happen.
If your goal is to help specific individuals, please contact the arbitration committee. Handling situations like this is part of their job. davidwr/(talk)/(contribs)/(e-mail) 17:26, 19 October 2009 (UTC)

See Wikipedia talk:Requests for adminship#Undisclosed multiple accounts and RFA. davidwr/(talk)/(contribs)/(e-mail) 23:03, 17 October 2009 (UTC)

Original or main account

That the original account or the one that becomes best known is regarded as the main account, is something that admins have been acting on for years (certainly since 2005 when I became an admin), and has been in the policy in one form or another for years too e.g. "The original or best-known account of a user that operates sock puppets may be tagged with Sockpuppeteer," from October 2007. [4] Yet now it's being removed by Mackan who is saying there is no consensus for it. SlimVirgin talk|contribs 05:38, 18 October 2009 (UTC)

I started a discussion on this above, here. Regarding this statement from 2007, I don't believe it supports your text, which referred only to the account that "originally became known to the community."[5] That the "main account" is the "best known account" would be a different standard, as for instance with Sam Blacketer which was clearly the better known account but ostensibly not the first to become known to the community. But mainly I think the quote supports my suggestion that which is the "main account" depends ("original or best-known") and is not settled. Mackan79 (talk) 05:58, 18 October 2009 (UTC)
I see no justification for expunging an established point of policy. Please return it, Mackan. Tony (talk) 06:51, 18 October 2009 (UTC)
I'm sorry? Surely you see that "best known" and "original account" are different standards. SlimVirgin has just defended the former, while the text she added (for the first time in this edit) stated the latter. If you believe one is correct, or the other, or they're the same, please explain. Mackan79 (talk) 06:56, 18 October 2009 (UTC)

Isn't this very unimportant. The point is that all accounts belong to the same person, and the person has been abusing. Just tag them all the same, and cross reference them all the same, perhaps subject to WP:DENY? --SmokeyJoe (talk) 07:02, 18 October 2009 (UTC)

The point is that admins often need to decide which is the main account -- just to be able to discuss it, or decide which sanctions to apply to which account, or how to tag them, and so on. So what we're saying here is that the account that the person originally became known by (which is often the first account, but not invariably) will be taken to be the main one. I can't see why anyone would object to this. It has been in the policy in one form or another for years, and it's what admins do, as a matter of fact. Policy is descriptive as well as prescriptive. SlimVirgin talk|contribs 07:13, 18 October 2009 (UTC)
Please support your statements about what has been in the policy, if you are going to keep making them. It's visible here where you changed the standard from one to another, this month (though as noted above you added the other standard as well). In my experience users are given the choice of which account they want to continue editing with. Sam Blacketer and Privatemusings are two users who continued not with their original accounts. In any case, I do not see how admins should be instructed on which account they can tag, discuss, or so on. Mackan79 (talk) 07:35, 18 October 2009 (UTC)

To be entirely honest, I don't always pay much attention to that rule, but only because I tend to try and report based on which account I have perceived to be the main account. An investigation often leads to discovery of other accounts which may be more or less used than the original account. User:Shuppiluliuma for example, is often considered the master account of an endless number of socks, many of which rose to their own prominence in their own right and could easily be perceived (as they were by me) as unique individuals, such as User:Flavius Belisarius which I reported as a stand alone sockmaster some years back before realizing that this account was a sock of User:Shuppiluliuma. Because we're often dealing with gut instinct and vaguely associated accounts, you just have to take your best shot at composing a report that clearly associates a group of accounts. If these accounts then turn out to be subsidiaries of an earlier report, then they can easily be merged together. Our entire process for sock reporting is overly confusing as it is... I don't see an urgent need to complicate it further by arguing over the minutiae. Hiberniantears (talk) 17:42, 18 October 2009 (UTC)

New changes to the sock puppetry policy

I just don’t understand that anyone who acts or behaves like the puppetmaster should be penalized. Why can’t we just have a policy that states if you create multiple accounts and use them for disruption then we ban all of the accounts? Clearly, it is teaching the puppetmaster to not use multiple accounts. There is no need to punish the puppetmaster by banning him for an entire year. The puppetmaster clearly gets the point to only use just one account. Why make others suffer by banning them if they act or behave like the puppetmaster. I don’t think it’s fair that other people should be banned. It just makes no sense. We should assume good faith on new users. But we don’t currently. Policy should change that ONLY the multiple accounts and the puppetmaster if they are found to be causing disruption to be banned. Robert9673 (talk) 19:18, 19 October 2009 (UTC)

May I ask what account you were previously known by? It is clear that your experiences here are not represented by your contribution history. Chillum 05:03, 20 October 2009 (UTC)
I second Chillum's request for further information. The survey as currently framed is kind of tangential, isn't it, raising more issues than it would ever solve? Tony (talk) 05:18, 20 October 2009 (UTC)
Well if you saw my previous conversations with davidwr, I was mentioning this. And he told me if I wanted to propose this, I needed to put it in another thread. Robert9673 (talk) 11:29, 20 October 2009 (UTC)
Chillum - it is not important to know what account he was previously known by, unless of course he's using multiple accounts as sockpuppets (oh the irony) or he wants to disclose it, or perhaps if he is lobbying on behalf of that account. I'm going to assume good faith here until I see a reason not to. It's far more productive to just assume the obvious: "He's not a newbie," and go from there. I will say this in the interests of completeness and humor: Chillum != davidwr, and not a meatpuppet or split-personality-thereof either. davidwr/(talk)/(contribs)/(e-mail) 14:06, 20 October 2009 (UTC)

Survey

Feel free to state your position on the proposal by beginning a new line in this section with *'''Support''' or *'''Oppose''', then sign your comment with ~~~~. Since polling is not a substitute for discussion, please explain your reasons.

Discussion

Any additional comments:

Administrators with multiple accounts

I retitled the bullet point "Administrator sock-puppets" and added some HTML comments to note the current discussions surrounding what happens if a person runs for admin but does not wish to publicly disclose those accounts. I also restored and reworded the recently-removed text, to indicate that if an undisclosed account's negative behavior would have influenced RFA or would influence a de-sysopping action, then it is likely to put the person's bit at risk. davidwr/(talk)/(contribs)/(e-mail) 00:19, 20 October 2009 (UTC)

As far as I know nobody has ever been desysoped for having undisclosed alternate accounts that were acting within the bounds of the SOCK policy. What is more there is no such policy or community practice that supports the idea. We don't desysop someone because they improved the encyclopedia with an account they did not tell us about, we do when they are evading a ban or falsely creating the appearance of more support for an idea than there actually is(ie violating this policy). Undisclosed alternate account are allowed by this policy. I am not sure where the idea came from, but if this is to be then we need a consensus for it.
Saying "Administrators who fail to disclose past accounts risk being desysopped" is a falsehood, or at the very least an overstatement. It is only those whose use of alternate/past account were in violation of community expectations. My edit was an attempt to bring this policy in line with how things actually are. Chillum 00:36, 20 October 2009 (UTC)
Agree with Chillum. Admins who sock (the word for violating this policy) risk being desyssoped, but admins who don't violate the policy have never been desyssoped simply because they did not disclose a prior or alternate account to any group, and this has never to my knowledge been stated on this page. To say that admins "risk" this is a specific statement which should be based on some support. If people want to describe current policy, that's fine, but if they want to add a provision to policy which would impact large segments of the community (however unclearly under the terms here), then they need community consensus for doing it. Mackan79 (talk) 01:32, 20 October 2009 (UTC)
You can violate other policies and practices, such as minor vandalism that gets you warned but not blocked or simply being an ass, without violating sockpuppetry. You can also have accounts that were blocked then un-blocked but not disclosed during your RFA. I haven't checked my history thoroughly, but I think at least a few administrators have resigned under unfavorable circumstances surrounding non-sock bad behavior from other accounts.
Yes, I agree, if you have multiple secret accounts and all have clean edit histories and they stay clean, it won't be a problem.
davidwr/(talk)/(contribs)/(e-mail) 02:28, 20 October 2009 (UTC)
But being an ass with an alternate account does violate this policy, where it contrasts with the account used to gain adminship. That's good hand/bad hand activity. Let's be clear that a person does not have to violate another policy with either account to violate this policy; we define here a whole series of things that abuse just the use of alternate accounts. Of course people could still be sanctioned also for reasons that we don't foresee, but we shouldn't make it sound here like they can be sanctioned without any specific reason beyond that they had another account, when as you agree that isn't the case. Mackan79 (talk) 04:39, 20 October 2009 (UTC)
Mackan is right, using an alternate account to avoid scrutiny is a violation of this policy. I think the wording of the policy should reflect the fact that admins who violate the sock puppetry policy are often sanctioned, it should not however indicate that an alternate account that is respecting the policy would get you desysoped. Such a statement is patently untrue, it has never happened and no part of policy or any consensus I have seen suggests it, rather policy explicitly allows such alternate accounts. I think we both basically agree and that is may simply be the wording that is an issue. Chillum 04:59, 20 October 2009 (UTC)
I agree with Chillum here. On a related issue, I see talk above of the violation of other policies (even significant violations such as CIVILITY and 3RR) by an alt account. Why is it that a user can spread the block log around more than one account, as it were, without falling foul of this policy? Block records are often perused by admins and arbcom WRT potential further damage to the project (and thus the determination of appropriate blocking action). Perhaps I'm a little confused. Tony (talk) 05:16, 20 October 2009 (UTC)
That's a difficult issue in my view, and one I have vague intentions of addressing at some point in more detail. For banned editors, obviously the answer is that they cannot edit with another account. For editors under specific sanctions, I think similarly that policy must require the editor to disclose this when running for RfA. E.g., I don't believe that sanctions automatically prohibit an editor from starting another account to edit within the terms of their sanction, but if the editor wanted to run for RfA I think this would need to be disclosed. Regarding past sanctions or individual blocks, I think this is less clear. I know of repeatedly blocked editors who have switched accounts, sometimes repeatedly, and continued to be controversial. These were generally disclosed, to the extent that would be seen to alleviate the issue. On the other hand, the concept of "clean start" implies that an editor had a rough start, and that they are starting over. Perhaps then the requirement is that it is "clean," and not "dirty." My general concern, which I have some intentions to raise (if I knew where to, perhaps), is whether the approach to Wikipedia's block logs is good as a general matter. A block can be for anything, may be mistaken, or may be problematic for other reasons; it may have been overruled by consensus, or lifted. There is no way to appeal a log entry. Yet the notation is currently permanent, and more easily available than ArbCom sanctions. My feeling is that this is problematic, and may indeed be a hamper to effective rehabilitation, and therefore a cause of continued disregard for this policy; in fact, there's reason to think the entire scandal with Sam Blacketer was a direct result of this.[6] Of relevance here, I'd suggest it's a major force behind the entire "clean start" culture that's at the heart of some of the recent concerns, and I'd guess the primary reason people don't just push through a bad start and prove their value as editors. That isn't primarily an issue for here, but maybe provides a few thoughts for your question. Mackan79 (talk) 07:03, 20 October 2009 (UTC)

Rationale for making a disclosure

Regarding:

Editors who use more than one account are advised to provide links between them on the user pages (see below), in order to avoid them being identified as sock puppets.

reinserted by Mackan79 "Replace second clause (I think unintentionally removed again), hopefully we aren't going in circles"

No, to my knowledge, this has not been explicitly discussed before.

I think the bold words should not be there. I think it is not correct, or if it is partially correct, it is one of several reasons. Better reasons for providing links between separate accounts on the user page are:

  • Because this policy recommends it (good guidance for the newcomer)
  • Because it is open and honest. Openness and honesty are behaviours that are good for a happy and collaborative community.
  • Because if you don't, and you inadvertently (or not!) cross the streams, then you'll have deceived the community, hurting the level of trust amongst the community generally.

The reason "in order to avoid them being identified as sock puppets" is incorrect is because a better way to avoid being identified as a sock puppet is to not behave as a sock puppeteer. Also, the checkusers don't, as a rule, disclose information for accidental or some kind og good faith sock puppetry without warning the person.

If we're going to present the reasons for disclosure, then let's present real reasons. --SmokeyJoe (talk) 08:35, 20 October 2009 (UTC)

I don't mind adding reasons that we agree on. By "being identified," I had in mind mostly the situation where a new account shows up knowing too much, seeming too familiar, or so on. In that situation people often make accusations, so it would make sense if you want to avoid this to put up a notice. But of course some editors have valid reasons which preclude public disclosure, and are conscientious and careful enough not to do anything deceptive; this is why I think it's important to give some purpose, so it doesn't appear that we're saying people should do this just because we're telling them to. A qualification of some sort would do the same job, such as "Editors are generally advised." Ideal would be something like "...may be appropriate," such as "The use of a notification template may be appropriate to comply with this policy." This might be clearer, and less suggestive. Mackan79 (talk) 09:03, 20 October 2009 (UTC)

SlimVirgin and "disclose the accounts privately to the ..."

Hi SlimVirgin,

I don't understand your insistence on reinserting the old disclosure advice [7], and why you won't enter into discussion on the talk page.

It is bad advice because a genuine reason for using an undisclosed alternative account is due to sensitive and private reasons. Advising that such information be sent by email is bad because normal email is terribly insecure, especially when from remote locations. On this point, why won't you consider it better to advise people to use the email function to advise User:Arbitration Committee, and even better, to do so while logged in secure.

The other reason it is bad is because the recipients, in particular the arbs, are not agents of the WMF, and are not tied to the WMF privacy policy. No one should ever be asked to disclose private information without a privacy policy in effect. In contrast, the CUs are explicitly tied to a privacy policy. At WT:SOCK, several people have explicitly agreed with me, and no one, not even you, has disagreed.

Further supporting reasons for disclosing to CUs are:

  • Concerning themselves with alternate use of accounts is the job of the CUs, not the arbs. Disclosing to the arbs leaves out most of the CUs.
  • en.wikipedia policies spill into the other wikipedias, and not all of them have well functioning, respects arbs, but all of them have only approved CUs.
  • I understand that the arb and functionaries email list is already overloaded with stuff that doesn't need to go there. It is better to focus communications to where they are wanted.

--SmokeyJoe (talk) 21:39, 20 October 2009 (UTC)

I support some version of this text. While I'm not picky what text goes there, it should reflect either current practice or recommended practice. I think the current practice for confidential accounts is to either do nothing and do nothing to invite scrutiny (including running SPA accounts or running for admin) or email arbcom so someone in authority knows you aren't hiding. Whether that email is through traditional, non-secure channels or through logged-in-secure/Special:Email is only relevant if you think your outgoing mail is compromised. I don't know if there is a consensus for a recommended practice.
However, removing it and not putting anything in its place is a bad idea - it basically tells people "if you have 2 accounts and don't publicly link them you risk being called a sockpuppet" without providing an "out." Relevant edits by me: here, here, here, and here. davidwr/(talk)/(contribs)/(e-mail) 22:10, 20 October 2009 (UTC)
Note:I've tagged the relevant paragraph as being under discussion. davidwr/(talk)/(contribs)/(e-mail) 22:19, 20 October 2009 (UTC)
Smokey, I don't understand your reasoning. If you want to advise people instead to email ArbCom in some other way, then add that. But we can't remove it because of paranoia that a developer somewhere, or some hacker, is reading emails, if that was your concern (I didn't really understand what you were saying, especially about email being insecure from "remote locations"). And we're not talking about private information, as has been explained to you before, but alternative account names. SlimVirgin talk|contribs
Also, I have a concern that Smokey is reverting a lot on this policy, yet has made only 230 edits to articles since 2006. [8] Now, Smokey, either you're not really involved in WP and have therefore no reason to care about this policy, or you yourself are using other accounts. You're not supposed to use alternate accounts to edit policies, as the page says. SlimVirgin talk|contribs 22:43, 20 October 2009 (UTC)
What if this is his main account and his other 3,141 accounts have under 200 edits each *joke* *nooodon'thitmeIwasjustkiddingnoooo* remember folks: WP:AGF davidwr/(talk)/(contribs)/(e-mail) 22:57, 20 October 2009 (UTC)
To the contrary, editors should not be making careless attacks on other editor's contribution histories simply because their unexplained edits are reverted. I do not see that SmokeyJoe has reverted much at all, and anyone who looks at his contribs can easily see that he is quite involved in many aspects of the project. He's certainly been better than some about explaining his edits. The comment is baseless and out of place. Mackan79 (talk) 00:33, 21 October 2009 (UTC)
Sending private information through e-mail is not a very good idea, it is far from secure. Special:Email through https is only secure one one end, who knows what servers it will go through in plain text before arriving. Also, I don't see this as the job of arbcom, has anyone even gotten their opinion on if they want to be the custodians of alternate accounts? Telling a checkuser about your alternate account is a good idea if you are worried there might be a misunderstanding, but it is not really needed as checkusers are not going to do anything to you if your alternate account is following this policy even if they do uncover you. Chillum 23:23, 20 October 2009 (UTC)


(ec) to Chillum. We're not saying people have to tell, only that they're advised to. And it's not about private information, but account names, which aren't covered by the privacy policy unless, I suppose, they give away private information, but even then I'm not sure they'd be covered. I think the point of the advice, Chillum, is that if you tell the ArbCom you've set up User:A, then you're not likely to try to use User:A to circumvent policy, and if you do inadvertently, there's someone in theory who can point it out to you. So it's a safeguard of a sort. SlimVirgin talk|contribs 23:52, 20 October 2009 (UTC)
What??? I thought the purpose of the section was to avoid misunderstandings. Anyone who sets up User:A to circumvent policy is not exactly going to be the type to report themselves. It is like asking all the local shoplifters to register their names at the corner store, it is not going to happen. The only sane reason to make this sort of report to a checkuser would be to avoid said checkusers from mistaking you for a sock pupptet, I am not sure why anyone would report it to arbcom as they don't handle sock puppet investigations normally. If you are just looking for a safeguard against good faith errors then any trusted friend will do, no need to bring in any authority figure. And yes, if you do not wish to link your username for privacy reasons then it is indeed private information. I would not use e-mail for anything I would not post publicly. Chillum 00:51, 21 October 2009 (UTC)
It's not like asking all shoplifters to register. It's like asking all shoppers to register. :) SlimVirgin talk|contribs 01:04, 21 October 2009 (UTC)
David, I don't mind about changing to secure wikimedia, [9] but I just wondered what difference it would make in this context. SlimVirgin talk|contribs 00:41, 21 October 2009 (UTC)
There was some discussion here or elsewhere where someone said email was insecure. The implication was that people could sniff the wire. While someone could sniff the wire anywhere on the Interwebs, if someone has security issues they might be concerned with their employer, local library, family member, or in some cases, government sniffing the wire. Providing instructions to connect to the Wikipedia secure email server gets them past that hurdle. In retrospect, and in light of some more recent comments the suggested insecurity of email was probably hinting that email "leaks" after it hits the intended recipient's eyeballs. There is nothing anyone can do about that, the fault, if it exists, doesn't lie with the medium but the messengee. I solve that problem with liberal uses of this tool. davidwr/(talk)/(contribs)/(e-mail) 03:40, 21 October 2009 (UTC)

I agree with others that it is poor advice to someone who is not familiar with Wikipedia, or even who is, that they simply email private information to the Arbitration Committee. The fact that this would not be covered by the privacy policy may be all the more reason it's a bad idea, as there is no guarantee the information will be protected, and editors should not be placed under the impression that it will be. I have communicated with ArbCom, and have reason to think information has gone to people it shouldn't have, and have communicated information about my personal identity that was also shared to an extent that I think wasn't appropriate. Mailing lists have been compromised by sockpuppets. This isn't a matter where ArbCom can't be trusted to retain information provided; it's where it isn't even their policy to do so. I think the "advised" language is also more pushy than is appropriate at the same time as being confusing as to what it denotes, but all of these are reasons to word this differently. Mackan79 (talk) 00:50, 21 October 2009 (UTC)

Indeed, despite best intentions Wikipedia has a poor track record of keeping secrets. Privacy is achieved, not given out. Chillum 00:57, 21 October 2009 (UTC)


In this case, I considered the removal justified because the text was flawed. It’s strongest supporting point was that it’s been there for a long time. I think one should be much more tentative about inserted new text to policy. I did try to improve the advice, by changing arb com to CUs, but the changes were reverted by SV, albeit amongst a large number of simultaneous changes. Given that SV was reverting my “improvements”, I have held back from actually inserting stuff, to discuss on this talk page instead. Yes, better advice should go back in.

“And we're not talking about private information, as has been explained to you before, but alternative account names”. Someone said something like that to me, yes, and I read it several times, but it doesn’t make sense to me. In disclosing a secret alternative account, it is likely that you should include a justification, which will involve divulging information that you have chosen not to reveal. The disclosure is likely to contain sensitive personal information. Perhaps you are thinking that a disclosure requires no justification, merely a statement that “account X” & “account Y” belong to a single person? If so, then what do you really think the arbs/CUs are supposed to do with the information. I suspect that I am thinking of real world experts/professionals, usually sporadic editors, while others seem to be focused on teenagers and undergraduates.

There is more to wikipedia than its contents. The behind the scenes community of editors, resources, rules, and customs is what made wikipedia, and is important to its future success. At the moment, I consider this policy to be a defect that is hurting the development of the project. Others also say that it doesn’t work.

I consider myself to be an objective outsider on this page, with no hidden agenda. The comments added since composing this suggest that the concerns I’ve brought up are not mine alone. --SmokeyJoe (talk) 01:14, 21 October 2009 (UTC)

It's a question of protecting yourself and not looking sneaky. I set up an account a few months ago to make a small number of edits to a contentious article of a sexual nature, something that I didn't particularly want in my contribs, but I had some academic information about it that I wanted to add. So I set up the account, told the ArbCom and the main contributors, and that was that. I didn't divulge any private information. I just said, User:X is me. That's the kind of thing we're talking about. And again, we are only advising people to do it. Anyone who doesn't want to increases their risk of being accused of socking. That's just a fact, not something this policy can change. But if people want to assume that risk, that's obviously up to them. SlimVirgin talk|contribs 01:28, 21 October 2009 (UTC)
Okay, but nothing there says why you should tell arb com as opposed to the CUs, why default advice shouldn’t be use to the secure server, and why disclosures shouldn’t be covered by a privacy policy. It does not address my point that the text you just reinserted is, for some cases, bad advice.
Suppose you wish to hide your real world identity, and those academic points were significant crumbs that point to your real world identity. You’ve now told people not known to you, some of whom are not tied to a privacy policy. When the information leaks, and the pieces are helpfully collected together by some anonymous observer, you’ll have no recourse. --SmokeyJoe (talk) 01:50, 21 October 2009 (UTC)
If someone is hiding his identity to the point where he daren't even allow crumbs about it to fall into the hands of the ArbCom, then I would say that he ought not to be editing any article even remotely connected to him, or with an account name that anyone could connect, or an IP that anyone could connect. We can't write policies for the kinds of extreme situations you're imagining. Perhaps you could write an essay about security, or link to one that someone else has written, and we can add a link to the policy for people in similar situations.
Also, I'm not seeing the Arb v checkuser distinction you're making. The policy says you are advised to contact one or the other. You can choose (or choose to tell neither). SlimVirgin talk|contribs 01:56, 21 October 2009 (UTC)
he ought not to be editing any article even remotely connected to him'” Disagree with your direction here. I think we should bend over backwards to entice knowledgeable people to edit wikipedia. We should make it easy to edit anonymously. If disclosure is a good idea, the information disclosed should, by default, be secure and covered by a privacy policy such as m:Checkuser#Privacy_policy. This is not so extreme. The system is already in place. The membership is vetted according to WMF policy. There is even the m:Ombudsman_commission already in place. These privacy concerns are already considered and addressed. It is this policy page that is stagnate. --SmokeyJoe (talk) 02:16, 21 October 2009 (UTC)
  • This talk of the privacy policy is a red herring, and it's been going on for weeks. (1) That User:A is User:B is not covered by the privacy policy, unless perhaps (but only perhaps) one of the names reveals personal information. (2) Everyone with access to CU is covered by the privacy policy, so if you want to trust that policy, it's safe to tell CUs. However (3), if information you pass to a CU turns up somewhere else, you are going to have to prove that the CU was responsible for a leak, and not that it got out in some other way. So sadly (4) the privacy policy is close to useless in this context. It's therefore pointless thinking in terms of it, and is really not relevant to how we write this policy. The issue of privacy might be relevant, but not the policy, so Smokey, you should really say what your substantive concerns are about that sentence. If you want to ignore it, you can, so why are you trying to remove it?

    David, did you see my question above about what difference it makes using the secure wikimedia link? SlimVirgin talk|contribs 03:04, 21 October 2009 (UTC)

  • RE (1). Yes. Obviously. That is the concern. Every concerns here stems from a case where one of the accounts is linked, or linkable, to private information.

    (2) Everyone with access to CU is covered by the privacy policy, but only with regard to information obtained through being a checkuser. It is not a viral policy. Arbs don’t necessarily have CU access. Nor are they even necessarily known to the WMF.

    (3) Goes to my point. If you send information to non-CUs, you shouldn’t expect your information to be protected.

    (4) No, that doesn’t follow. If the privacy policy applies, it applies.

    My concern with the sentence is that it encourages a foolish thing, specifically the unprotected disclosure of personal information. Not generally, but in some cases.

  • RE: question to David: Using the secure wikimedia link closes the biggest security hole here. It helps a lot for someone sending information from China, or Antarctica. --SmokeyJoe (talk) 03:51, 21 October 2009 (UTC)
But what do you mean, if the policy applies, it applies? If there is a leak, the onus is on you to prove that the leak occurred because of a checkuser, and even if you manage to do that, it's an uphill struggle to get anyone to take action. There would have to be a serious consequence, and you'd probably have to show intent, or crass stupidity. If it was just an accident, no one will act.
Surely the sensible thing, if you have these concerns, is not to use an account that links to your identity.
What I suggest is that we add a footnote outlining your issues, and specifically that there may be some Arbs who are not covered by the privacy policy, in which case it would be safer to email the CU list (though myself I would say it's the other way round, simply because the CU list is larger). SlimVirgin talk|contribs 03:59, 21 October 2009 (UTC)
This is still misleading, given that the privacy policy is not recognized to protect this type of information, especially when the arbitration committee has not requested it. Meanwhile the entire assumption that the account is expected to invite scrutiny remains one that pushes the boundaries of this policy to begin with, and for which private disclosure is not an appropriate remedy. Indeed, you suggest above for a controversial topic to inform the committee and the "main editors" of an article; let me suggest that the better solution would be a public notice or no notice at all, given that the appearance to others may well otherwise be confusing and disconcerting. Which leaves the more realistic purpose of such a provision, not to protect, but to imply that editors should be in communication with the Arbitration Committee on this issue. The only problem being that this isn't exactly advice. Mackan79 (talk) 05:36, 21 October 2009 (UTC)

Suggestion

To allay the security concerns above, I suggest we add a footnote after the disputed sentence, so it would read:

Editors who use more than one account are advised to provide links between them on the user pages (see below), or disclose the accounts privately to the Arbitration Committee (arbcom-l lists.wikimedia.org) or functionaries mailing list (functionaries-en lists.wikimedia.org), to avoid them being identified as sock puppets.<ref>Users with particular privacy concerns should note that all users with access to the checkuser tool are bound by the Wikimedia Foundation's privacy policy. If you have additional concerns about the security of e-mails, consider logging into Wikipedia's secure server, then email the arbitration committee or anyone with checkuser rights.</ref>

SlimVirgin talk|contribs 06:12, 21 October 2009 (UTC)


Wouldn’t it be better, simpler, and easier all-round to have the checkusers nominate an account (I suggest User:CheckUsers) and have the “E-mail this user” forward the communication to a secure, central location for easy access by all the checkusers.

This would mean that simple, one step advice can be provided (KISS, unlike the above). The information goes where it is wanted. It reduces spamming to the arbs and functionaries list. The arbs and non-checkuser functionaries don’t need such information, unless a checkuser thinks otherwise. --SmokeyJoe (talk) 07:31, 21 October 2009 (UTC)

  • Comment to overall discussion above: The exact text or placement of text isn't that important to me. What is important is that people are aware that 1) if they have a completely undisclosed account, there could be issues even if their editing is stellar, and 2) there is a recommended way to privately disclose an account in a reasonably safe manner. Including a means to increase the safety of email via a secure web page is a preferred but not essential for this page. davidwr/(talk)/(contribs)/(e-mail) 14:02, 21 October 2009 (UTC)
Telling people that they can use the secure e-mail if there are concerns about the security of e-mail is giving a false sense of security. E-mail is not secure! Not even if you use a secure server to send it. It goes out in plaintext as soon as it leaves Wikipedia for its recipient. Depending on who the recipient's e-mail provider is the message can go through several servers controlled by several people in plain text. We should not give people the impression that sending e-mail is secure, if anything we should warn them it is not. It would take me about 5 minutes of hacking to start reading random people's e-mails(even ones sent from a secure https form). Beyond the false insinuation that the https e-mail form is secure I support the wording as long as it is clear that such disclosure is voluntary. Chillum 14:16, 21 October 2009 (UTC)
Davidwr, I am wondering what bad thing you think will happen if your editing is stellar? I think the checkusers are a bright bunch and are not going to take any action unless they see some sort of policy violation. If your actions are such that they are likely to be misinterpreted that is one thing, but if your edits are "stellar" I think there is nothing to worry about as the CUs will not see any violation. Chillum 14:24, 21 October 2009 (UTC)
Pehaps I overstated things when I said "stellar." Consider two scenarios: 1) An established editor who occasionally gets into arguments on a particular heated topic and goes 2RR at least twice a month on articles in that topic, and occasionally flames editors on their talk pages, but nothing too serious. Nothing so serious that any administrator will do more than give him a gentle warning given the overall history of the account. It's clear that such edits are a small minority of his edits. Consider the same editor who segregates his edits into two accounts. One account appears to be a person focused on a narrow topic who occasionally gets hot-headed about it despite repeated warnings to calm down. Yes, he stays just this side of 3RR, but his overall tone is not exactly friendly and although he isn't exactly evil a disporportionate number of the account's edits are reversions or bitey comments on discussion pages. He finds himself at editor review more than once and eventually gets blocked for a day by a fed-up administrator or hauled to arbcom. During the course of the proceedings, someone realizes X is likely Y and decides to ask for a checkuser, claiming X used Y to edit while blocked under another account. The checkuser reports "confirmed - X is Y and edited while blocked, a violation of policy" and another administrator blocks Y to enforce the block on X, or blocks both accounts for the sin of editing while blocked. davidwr/(talk)/(contribs)/(e-mail) 14:55, 21 October 2009 (UTC)
If someone used account Y to edit while account X is blocked then they are in violation of this policy and should be blocked for block evasion. If any one of your accounts are blocked then you need to stop using all of them until it has expired. If they are not evading blocks or violating this policy then the check user will not do anything about it. Pre-declaring your account would certainly get you busted for block evasion faster, but then those who are going to evade their blocks are not going to report themselves are they? If they do not respect one part of the policy they are hardly likely to follow advice likely to get them caught.
Once again if you are just trying to avoid honest mistakes then any trusted friend will do, no need to burden our busy arbcom. Chillum 23:56, 21 October 2009 (UTC)
On the security of email: Email can leak in several places: End-to-end encrypted mail can leak at either end. Email that is encrypted up to a point can leak from that point to the destination as well as at either end. Unencrypted email can leak anywhere. Compare this to a message posted on a secure-access-only blog or wiki: It can only leak at the ends or at the hosting site.
Arbitrators presumably use the arbitrator mailing list for internal communications. If emails sent to those addresses is not secure enough for them to use, we have much bigger problems than worrying about encouraging users to email those lists. In other words, if the arbitrators' email accounts are secure enough for them to have confidential discussions on, it's presumably secure enough for me to email, provided I can send mail in a way that meets my security comfort level. If I cannot trust my outgoing mail to be secure though, then I need a secure way to pass it off to a middle-man who can then send it to the mailing list in a way that is at least as trustworthy as the inter-arbitrator mail sent to the list.
If your concern is about the security of the arbitrator mailing list itself, please raise the issue on WT:ARBCOM, that's where the discussion belongs. davidwr/(talk)/(contribs)/(e-mail) 15:04, 21 October 2009 (UTC)
I have no concern about the security of arbcom e-mail, my concern is that the wording does not imply that that using the https form is somehow secure. A false sense of security can be very disruptive to... well, security. Mailing lists are of course less secure than a single address as it has multiple points of failure. I have seen posts to that mailing list on WR before and I know that some non-arbs have had access to that list in the past, not confidence inspiring. Perhaps arbcom could release a public GPG key for the truly concerned. Chillum 23:53, 21 October 2009 (UTC)

Let me question again what the value is to this, even if a person was secure in emailing information about themselves to the Arbitration Committee. The major problem I see is that, even as advice, this has not been shown in any way to be in the individual's interests to do. In my personal view it is not in anyone's interests, except specifically for those users who are in close contact with members of the committee, and believe they can rely on such members to step into a situation and vouch for that individual. This is true for a small minority, and I am not sure that it is helpful, that the Committee should be placed in this position, or so on. If this is good advice, I think we need a better explanation of why. Mackan79 (talk) 19:40, 21 October 2009 (UTC)

I really don't get why one would use arbcom. It is not their job and I have seen no indication from them that they even want this added responsibility. If anything a checkuser would be the group to confide in because they are used to handling privacy issues and they are the folks that are going to be investigating any claim against you. Once again, any honest friend can help you avoid an honest mistake, and those who intentionally violate the policy are not going to report themselves. This whole thing makes no sense to me. Chillum 00:02, 22 October 2009 (UTC)


On further thought, agreeing with Chillum’s, and Mackan’s comments, I don’t think any such advice should go in. Too many people are oblivious to security issues, including recipients. No recipient is on record as saying they want the information. There is no statement or policy covering how the information disclosed with be treated, used, or stored. To give such advice broadly is immoral. I dispute it’s presence in a policy page, and think it should be removed.

I would prefer instead (recalling Harej’s suggestion months ago):

An entirely different suggestion

Do not use undisclosed alternative accounts without very good reason. If you must, do so only with care. Note that if you are found to be behaving abusively, m:Privacy_policy#Access_to_and_release_of_personally_identifiable_information point /6, releases Wikipedia from obligation to protect your anonymity, and it is likely that all of your accounts will be blocked and publicly linked.

--SmokeyJoe (talk) 03:24, 22 October 2009 (UTC)

I agree with this edit. It is much better advice to anyone seeking to protect their privacy while also being good advice to those seeking to violate the policy. Chillum 04:08, 22 October 2009 (UTC)
This should go in whether or not advice to email arbcom/checkuser is put in or left out. Whether it fits better near the top or down in the body of the article is something to be explored - remember, policy/guideline intros, like article intros, should be summary statements. davidwr/(talk)/(contribs)/(e-mail) 04:12, 22 October 2009 (UTC)
I agree that this improvement should not be at the exclusion of future improvements. Chillum 04:38, 22 October 2009 (UTC)
This is better advice. My only concern would be with the first sentence, which could suggest that editors are encouraged to evaluate the extent of an editor's "very good reasons." The real question should be whether there is abuse. I might suggest, "Undisclosed alternate accounts should be used only with great care. Note that if you are found to be behaving abusively...."Mackan79 (talk) 05:19, 22 October 2009 (UTC)
I like "very good reasons" because it is clear that the bar is high, and that it is up to you, yourself, to decide. These words have worked well at WP:UP/10 where, in my opinion, they have lead to very good commonsense interpretation at WP:MFD. I also think that second person active tense is appropriate for this subject. This advice is for *you*, not someone else. --SmokeyJoe (talk) 05:41, 22 October 2009 (UTC)
But on UP/10, which is about retaining negative material about other editors on your user page, clearly others do evaluate the strength of the reasons for retaining such information. You couldn't insist your reasons are personal. Don't you agree that a person's reasoning isn't required here? I can't imagine where someone who uncovers this kind of situation should be demanding a very good explanation for why someone had to use an alternate account. It's another case where lying would be trivial, among other things, but mostly it's an invitation to pry into issues that can't be our business. As a matter of practice, it certainly isn't required. I think it's quite important to stick to objective criteria that have to do with the nature of the use, not inquiries into subjective concerns. I don't think you intend otherwise, of course, but it is a pretty clear problem with the language. Mackan79 (talk) 06:00, 22 October 2009 (UTC)


I don't think much of FT2's edit here.

  1. The inserted "and action taken" is obvious and thus unnecessary.
  2. Removing the specific reference to point 6/ looses precise information and diminishes the effect.
  3. Changing "Wikipedia" to "other Wikipedians" makes the advice untrue. As an ordinary Wikipedian, you are not bound by the WMF privacy policy. Only the WMF, its employees and agents with access to private data (such as checkuser data) are bound by the privacy policy.
  4. The caveat "when addressing abuse" serves no clear purpose. It is not the wording of m:Privacy_policy#Access_to_and_release_of_personally_identifiable_information point /6, and thus creates unnecessary confusion. --SmokeyJoe (talk) 09:23, 30 October 2009 (UTC)
Comments:
  1. Agree
  2. Disagree - we don't need to cite a specific point number to make clear it's in privacy policy. More, adding that detail makes the sentence "flow" less well, which isn't good for communicating the actual information.
  3. Disagree strongly. "Wikipedia" doesn't take actions. Individual users in the community - in this case checkusers, admins, arbitrators etc - do. To say "Wikipedia does/doesn't do something" is to say there is a body called "Wikipedia" that exists and makes decisions as a separate being, in its own right. That's dangerously misleading; the division of WMF from individual users is important.
  4. Disagree strongly again. It's important that privacy policy only ceases to protect anonymity when the user is addressing abuse; not generally otherwise. Example, a checkuser is not empowered by that policy to disclose someone's otherwise-unknown IP or link it, unless addressing abuse. They do not otherwise have that discretion.
FT2 (Talk | email) 22:21, 2 November 2009 (UTC)
OK. --SmokeyJoe (talk) 05:21, 3 November 2009 (UTC)