From: (jayjg)
Date: Fri, 24 Aug 2007 17:37:58 -0400
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, Matthew Brown wrote:
>
> As I recall, these oversights in question were among the first uses of
> the tool (let me know if I'm mistaken)

Correct.

> and possibly set the precedent
> for other oversighters to believe removing IP edits was appropriate in
> practice.

I don't think that's the case. It was done before by developers; it
was they who set the precedent, and who also wanted an easier way of
doing it that removed the burden from them.
----------

From: (jayjg)
Date: Fri, 24 Aug 2007 17:39:10 -0400
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, Matthew Brown wrote:
> On 8/24/07, Jimmy Wales wrote:
> > In the current case, he has evidence, evidence which looks to me
> > reasonably compelling. Certainly, let me put it this way: people are
> > indef blocked daily at Wikipedia on evidence slimmer than this.
>
> Generally speaking, an editor would be given a short block and a
> warning in such a case, unless they already had a history of trouble.
> Some gung-ho admins might block for longer, but IMO they should not
> and such blocks tend to be reversed.
>
> No blocks would be issued on 3 year old sockpuppetry in such a limited fashion.
>
> I would suspect that some would call for de-adminship in such a case.
> However, I'm not sure it would be successful considering the age and
> apparent non-recurrence of the conduct, as well as the fact that the
> double-voting didn't appear to have changed anything.
>
> I do think that the edits that were oversighted in this case should be
> restored. There is no longer a case for secrecy, and there is much
> case for openness.

What message would the restoring send, and to what audiences? I think
we should think carefully about that.
----------

From: charles.r.matthews
Date: Fri, 24 Aug 2007 22:44:32 +0100
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

Just when it was going quieter. Has everyone on this list seen this mail from SlimVirgin? I thought I'd ask before discussing the content.

Charles
----------

From: (Matthew Brown)
Date: Fri, 24 Aug 2007 14:56:42 -0700
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, jayjg wrote:
> On 8/24/07, Matthew Brown wrote:
> > and possibly set the precedent
> > for other oversighters to believe removing IP edits was appropriate in
> > practice.
>
> I don't think that's the case. It was done before by developers; it
> was they who set the precedent, and who also wanted an easier way of
> doing it that removed the burden from them.

Thanks for the clarification. Therefore, it was part of the
unofficial policy-in-practice from before the availability of
Oversight.

I still feel that it needs to be clarified what exactly we will or
won't do in terms of hiding IP addresses. It's certainly not
explicitly in the policy, although it could arguably be inferred from
it.

-Matt
----------

From: (Theresa Knott)
Date: Fri, 24 Aug 2007 22:57:10 +0100
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 8/24/07, charles.r.matthews wrote:
> Just when it was going quieter. Has everyone on this list seen this mail from SlimVirgin? I thought I'd ask before discussing the content.

I've seen it.

Theresa
-----------

From: (Timothy Titcomb)
Date: Fri, 24 Aug 2007 17:57:20 -0400
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On Aug 24, 2007, at 5:44 PM, <charles.r.matthews> wrote:

> Just when it was going quieter. Has everyone on this list seen this
> mail from SlimVirgin? I thought I'd ask before discussing the content.

I've read it.

P
-----------

From: (James Forrester)
Date: Fri, 24 Aug 2007 22:57:39 +0100
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 24/08/07, Matthew Brown wrote:
> On 8/24/07, David Gerard wrote:
> > Mind you, I'm tempted to edit the anon edit message to be clearly and
> > visibly different ...
>
> We need to ensure that getting inadvertently logged out and causing an
> IP-revealing edit to be made is a lot harder than it is. If we made
> it hard to do, we wouldn't get nearly as many oversight requests
> wishing for it. It is frankly a big grey area in our oversight policy
> - a little outside the wording, but arguably within the spirit, and
> fervently desired by many users who make that mistake. We should (a)
> make it hard to do, and (b) clarify oversight policy about that
> situation - either explicitly forbid it or add it to the allowed
> reasons.

Thinking about the future, what about a (*very* carefully used) tool
to merge user accounts and their contributions, and IP's
contributions, too? This would keep the transparency whilst also
removing the source of many of the OS requests. Note that this is a
reasonably-core functionality for SUL, so shouldn't be beyond
reasonability (though may take some time). Security would be along the
same level as the import functionality, given the ease of screwing up
attribution (our main piece of meta-data, and vitally important to
avoid poisoning the well), but that's just asking for very big red
text with flashing lights saying "Are you sure?". :-)

> As I recall, these oversights in question were among the first uses of
> the tool (let me know if I'm mistaken) and possibly set the precedent
> for other oversighters to believe removing IP edits was appropriate in
> practice.

Yes. IHTS that I've never been comfortable with helping people who
fail to notice significant changes in their edit token status (FFS, it
removes the "minor edit" box - if you don't notice that, you're likely
posting without fully thinking through your edits).

Yrs,
--
James D. Forrester
----------

From: (Matthew Brown)
Date: Fri, 24 Aug 2007 15:02:17 -0700
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, James Forrester wrote:
> Yes. IHTS that I've never been comfortable with helping people who
> fail to notice significant changes in their edit token status (FFS, it
> removes the "minor edit" box - if you don't notice that, you're likely
> posting without fully thinking through your edits).

Not in the case where the edit page was loaded logged-in but the user
is logged out between then and submitting the edit, which I believe
can happen - since that's hard to simulate, I'm not absolutely sure.

I'd imagine that most editors would only notice the lack of the
'minor edit' checkbox if they were going to use it; I'm pretty sure
90% of the time I wouldn't notice. I double-check my words, not the
presentation of the edit web page.

-Matt
-----------

From: (Matthew Brown)
Date: Fri, 24 Aug 2007 15:02:54 -0700
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 8/24/07, charles.r.matthews wrote:
> Just when it was going quieter. Has everyone on this list seen this mail from SlimVirgin? I thought I'd ask before discussing the content.

The post to this list?

-Matt
------------

From: (Kirill Lokshin)
Date: Fri, 24 Aug 2007 18:03:07 -0400
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 8/24/07, Timothy Titcomb wrote:
>
> On Aug 24, 2007, at 5:44 PM, <charles.r.matthews> wrote:
>
> > Just when it was going quieter. Has everyone on this list seen this
> > mail from SlimVirgin? I thought I'd ask before discussing the content.
>
> I've read it.
>
> Paul August

Same here.

Kirill
------------

From: (James Forrester)
Date: Fri, 24 Aug 2007 23:04:53 +0100
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 24/08/07, Matthew Brown wrote:
> On 8/24/07, James Forrester wrote:
> > Yes. IHTS that I've never been comfortable with helping people who
> > fail to notice significant changes in their edit token status (FFS, it
> > removes the "minor edit" box - if you don't notice that, you're likely
> > posting without fully thinking through your edits).
>
> Not in the case where the edit page was loaded logged-in but the user
> is logged out between then and submitting the edit, which I believe
> can happen - since that's hard to simulate, I'm not absolutely sure.
>
> I'd imagine that most editors would only notice the lack of the
> 'minor edit' checkbox if they were going to use it; I'm pretty sure
> 90% of the time I wouldn't notice. I double-check my words, not the
> presentation of the edit web page.

Not so. It presents a page saying "Your edit-token has expired" (given
that I'm based in the UK, so my edits go through the second-class
servers in Europe, I get this relatively often). Though perhaps this
functionality is new?

Yours,
--
James D. Forrester
-----------

From: (Kirill Lokshin)
Date: Fri, 24 Aug 2007 18:05:22 -0400
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 8/24/07, Matthew Brown wrote:
> On 8/24/07, charles.r.matthews wrote:
> > Just when it was going quieter. Has everyone on this list seen this mail from SlimVirgin? I thought I'd ask before discussing the content.
>
> The post to this list?

No, the offlist one we were (all?) cc-d on.

Kirill
----------

From: (jayjg)
Date: Fri, 24 Aug 2007 18:05:48 -0400
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, James Forrester wrote:
> On 24/08/07, Matthew Brown wrote:
> > On 8/24/07, David Gerard wrote:
> > > Mind you, I'm tempted to edit the anon edit message to be clearly and
> > > visibly different ...
> >
> > We need to ensure that getting inadvertently logged out and causing an
> > IP-revealing edit to be made is a lot harder than it is. If we made
> > it hard to do, we wouldn't get nearly as many oversight requests
> > wishing for it. It is frankly a big grey area in our oversight policy
> > - a little outside the wording, but arguably within the spirit, and
> > fervently desired by many users who make that mistake. We should (a)
> > make it hard to do, and (b) clarify oversight policy about that
> > situation - either explicitly forbid it or add it to the allowed
> > reasons.
>
> Thinking about the future, what about a (*very* carefully used) tool
> to merge user accounts and their contributions, and IP's
> contributions, too? This would keep the transparency whilst also
> removing the source of many of the OS requests.

If I understand what you're saying, before Oversight was created
developers sometimes also replaced IP edits with the Userid of the
editor. This was actually often preferred by the editors in question,
but wasn't a feature of Oversight. I'm not sure how it would impact
people who download the database and obsessively comb through it
looking to expose oversights; would it make their job harder, or would
it actually clearly identify for them people's IP addresses?
WordBomb/Judd Bagley seems to be the first person to have done this in
any systematic way, but I doubt he will be the last.
----------

From: (Matthew Brown)
Date: Fri, 24 Aug 2007 15:06:11 -0700
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, James Forrester wrote:
> Not so. It presents a page saying "Your edit-token has expired" (given
> that I'm based in the UK, so my edits go through the second-class
> servers in Europe, I get this relatively often). Though perhaps this
> functionality is new?

It may be; I used to have this happen to me, but it hasn't happened
for a couple of years.

-Matt
-----------

From: (Matthew Brown)
Date: Fri, 24 Aug 2007 15:06:54 -0700
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 8/24/07, Kirill Lokshin wrote:
> No, the offlist one we were (all?) cc-d on.

Ah - yes, I have now received it.

-Matt
-----------

From: (jayjg)
Date: Fri, 24 Aug 2007 18:07:04 -0400
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, James Forrester wrote:
> On 24/08/07, Matthew Brown wrote:
> > On 8/24/07, James Forrester wrote:
> > > Yes. IHTS that I've never been comfortable with helping people who
> > > fail to notice significant changes in their edit token status (FFS, it
> > > removes the "minor edit" box - if you don't notice that, you're likely
> > > posting without fully thinking through your edits).
> >
> > Not in the case where the edit page was loaded logged-in but the user
> > is logged out between then and submitting the edit, which I believe
> > can happen - since that's hard to simulate, I'm not absolutely sure.
> >
> > I'd imagine that most editors would only notice the lack of the
> > 'minor edit' checkbox if they were going to use it; I'm pretty sure
> > 90% of the time I wouldn't notice. I double-check my words, not the
> > presentation of the edit web page.
>
> Not so. It presents a page saying "Your edit-token has expired" (given
> that I'm based in the UK, so my edits go through the second-class
> servers in Europe, I get this relatively often). Though perhaps this
> functionality is new?

I've certainly never seen that "edit-token" message, and I've been
logged out by Wikipedia many times in the past, though very rarely
more recently.
-----------

From: (jayjg)
Date: Fri, 24 Aug 2007 18:07:47 -0400
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 8/24/07, Matthew Brown wrote:
> On 8/24/07, Kirill Lokshin wrote:
> > No, the offlist one we were (all?) cc-d on.
>
> Ah - yes, I have now received it.
>
> -Matt

I have received it as well.
------------

From: (Dmcdevit)
Date: Fri, 24 Aug 2007 15:09:54 -0700
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's
abusive sockpuppetry]

James Forrester wrote:
>
> Thinking about the future, what about a (*very* carefully used) tool
> to merge user accounts and their contributions, and IP's
> contributions, too? This would keep the transparency whilst also
> removing the source of many of the OS requests. Note that this is a
> reasonably-core functionality for SUL, so shouldn't be beyond
> reasonability (though may take some time). Security would be along the
> same level as the import functionality, given the ease of screwing up
> attribution (our main piece of meta-data, and vitally important to
> avoid poisoning the well), but that's just asking for very big red
> text with flashing lights saying "Are you sure?". :-)
This has been a desired function for as long as I can remember, but I
think the devs have been refusing to do it for grounds other than just
technical. The only surefire way to ensure that a particular account
made a particular edit is to require them to log in and edit from the
account. Even if it was only done on specific requests of users that
identified anon edits as their own, it will be difficult if not
impossible to match the anon edits with the account even if you are
matching IPs. And misattributing edits presumably has significant
copyright implications.

Dominic
------------

From: (Matthew Brown)
Date: Fri, 24 Aug 2007 15:10:47 -0700
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 8/24/07, jayjg wrote:
> What message would the restoring send, and to what audiences? I think
> we should think carefully about that.

Several different messages.

It would, unfortunately, say "Yes, you were right" to the stalkers and
creeps. However, they have much more power if they can imply things
were worse than they really are.

It would, however, increase transparency to Wikipedia's contributors.
The incredibly minor nature of the actual events behind all the drama
would, I hope, help to defuse the issue among the non-insane.

-Matt
------------

From: (Timothy Titcomb)
Date: Fri, 24 Aug 2007 18:10:57 -0400
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On Aug 24, 2007, at 6:02 PM, Matthew Brown wrote:

> On 8/24/07, charles.r.matthews wrote:
>> Just when it was going quieter. Has everyone on this list seen
>> this mail from SlimVirgin? I thought I'd ask before discussing the
>> content.
>
> The post to this list?
>
> -Matt

No it wasn't to this list, but it was copied to many members of this
list, including you.

Paul August
------------

From: charles.r.matthews
Date: Fri, 24 Aug 2007 23:12:10 +0100
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" -
SlimVirgin speaks out

>
> From: "Kirill Lokshin"
> Date: 2007/08/24 Fri PM 11:05:22 BST
> To: "Arbitration Committee mailing list" <arbcom-l at lists.wikimedia.org>
> Subject: Re: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
> speaks out
Matthew Brown <morven at gmail.com> wrote

> > The post to this list?
>
> No, the offlist one we were (all?) cc-d on.
>
> Kirill

Matthew, yes, you were amongst the 37 addressees. Well, it's going to be a full-inbox time while the "I agrees" get circulated.

Charles
-----------

From: (James Forrester)
Date: Fri, 24 Aug 2007 23:12:26 +0100
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 24/08/07, jayjg wrote:
> On 8/24/07, James Forrester wrote:
> > On 24/08/07, Matthew Brown wrote:
> > > On 8/24/07, David Gerard wrote:
> > > > Mind you, I'm tempted to edit the anon edit message to be clearly and
> > > > visibly different ...
> > >
> > > We need to ensure that getting inadvertently logged out and causing an
> > > IP-revealing edit to be made is a lot harder than it is. If we made
> > > it hard to do, we wouldn't get nearly as many oversight requests
> > > wishing for it. It is frankly a big grey area in our oversight policy
> > > - a little outside the wording, but arguably within the spirit, and
> > > fervently desired by many users who make that mistake. We should (a)
> > > make it hard to do, and (b) clarify oversight policy about that
> > > situation - either explicitly forbid it or add it to the allowed
> > > reasons.
> >
> > Thinking about the future, what about a (*very* carefully used) tool
> > to merge user accounts and their contributions, and IP's
> > contributions, too? This would keep the transparency whilst also
> > removing the source of many of the OS requests.
>
> If I understand what you're saying, before Oversight was created
> developers sometimes also replaced IP edits with the Userid of the
> editor. This was actually often preferred by the editors in question,
> but wasn't a feature of Oversight.

Yes, I recall how we used to do things before OS came along (indeed,
before *you* came along ;-)). That is eactly what I mean, yes.

> I'm not sure how it would impact
> people who download the database and obsessively comb through it
> looking to expose oversights; would it make their job harder, or would
> it actually clearly identify for them people's IP addresses?

OS is and always has been meaningless and counter-productive for
concealing any privacy issues, such as the ones discussed here, which
pre-date the most recent dump. This tool would be the same. Note that
we've not had a successful dump for many many months, so right now
this issue isn't as live as it was when the tool was new, but it *was*
mentioned as part of the roll-out, IIRC. Certainly, I recall
discussing it as the tool went live.

> WordBomb/Judd Bagley seems to be the first person to have done this in
> any systematic way, but I doubt he will be the last.

Indeed.

Yours,
--
James D. Forrester
-----------

From: (James Forrester)
Date: Fri, 24 Aug 2007 23:18:59 +0100
Subject: [Arbcom-l] [Fwd: The Skinny on SlimVirgin's abusive
sockpuppetry]

On 24/08/07, Dmcdevit wrote:
> James Forrester wrote:
> >
> > Thinking about the future, what about a (*very* carefully used) tool
> > to merge user accounts and their contributions, and IP's
> > contributions, too? This would keep the transparency whilst also
> > removing the source of many of the OS requests. Note that this is a
> > reasonably-core functionality for SUL, so shouldn't be beyond
> > reasonability (though may take some time). Security would be along the
> > same level as the import functionality, given the ease of screwing up
> > attribution (our main piece of meta-data, and vitally important to
> > avoid poisoning the well), but that's just asking for very big red
> > text with flashing lights saying "Are you sure?". :-)
> This has been a desired function for as long as I can remember, but I
> think the devs have been refusing to do it for grounds other than just
> technical.

The devs used to do such actions on request.

> The only surefire way to ensure that a particular account
> made a particular edit is to require them to log in and edit from the
> account.

Yes, well, this isn't a truly difficult request. Anyway, my point was
that account merging is coming with SUL, so we might be able to hop on
this bandwagon.

> Even if it was only done on specific requests of users that
> identified anon edits as their own, it will be difficult if not
> impossible to match the anon edits with the account even if you are
> matching IPs.

A CU check to confirm isn't too hard a requirement for the executing
EditMunger (or whatever term is given).

> And misattributing edits presumably has significant
> copyright implications.

Certainly, but OS for content (rather than reverted vandalism) has
exactly the same problem.

Yrs,
--
James D. Forrester
----------

From: (James Forrester)
Date: Fri, 24 Aug 2007 23:21:09 +0100
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 24/08/07, charles.r.matthews wrote:
>
> >
> > From: "Kirill Lokshin"
> > Date: 2007/08/24 Fri PM 11:05:22 BST
> > To: "Arbitration Committee mailing list" <arbcom-l at lists.wikimedia.org>
> > Subject: Re: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
> > speaks out
> Matthew Brown <morven at gmail.com> wrote
>
> > > The post to this list?
> >
> > No, the offlist one we were (all?) cc-d on.
>
> Matthew, yes, you were amongst the 37 addressees. Well, it's going
> to be a full-inbox time while the "I agrees" get circulated.

I seemingly didn't get sent the missive (unless she sent it to an old
address, or it was spam-killed by GMail...). Might I request a copy?

--
James D. Forrester
----------

From: (Kirill Lokshin)
Date: Fri, 24 Aug 2007 18:24:56 -0400
Subject: [Arbcom-l] "Wikipedia's response to cyberstalking" - SlimVirgin
speaks out

On 8/24/07, James Forrester wrote:
> I seemingly didn't get sent the missive (unless she sent it to an old
> address, or it was spam-killed by GMail...). Might I request a copy?

It doesn't seem like you were included; I'm not sure how the list of
recipients was compiled here. In any case:

---------- Forwarded message ----------
From: Slim Virgin
Date: Aug 24, 2007 5:27 PM
Subject: Wikipedia's response to cyberstalking
To: Jimmy Wales , ElinorD , Will Beback , Mongo Montana,
"Samir C. Grover", Jay, Mantan Moreland, Katefan0, Iron Duke,
Phil Sandifer, Rebecca, Fred Bauder, highinbc, crum375, samiharris800,
Phaedriel, Durova, Dakota Kahn
Cc: florencedevouard, Anthere, Angela, Kat Walsh, FloNight,
David Gerard, Josh Gordon, Blnguyen, Dmcdevit,
Guy Chapman, Mark Pellegrini, charles matthews, Theresa Knott,
Steve Dunlop, Charles Fulton, Matt Brown, Paul August/Timothy Titcomb,
kirill.lokshin, Cary Bass, Michael Waddell


Jimbo wrote to me and the ArbCom recently in response to yet another
an allegation from WordBomb, a banned editor who in real life is Judd
Bagley, the Vice-President of Social Media for Overstock.com.

Bagley is a known cyberstalker. His latest allegation is that, when I
first started at Wikipedia, I had a sockpuppet account. This follows
allegations from Daniel Brandt that I work for MI5 and am being paid
to edit Wikipedia. I don't know how these allegations tie together,
but I've no doubt the synthesis is imaginative. WordBomb has told
Jimbo he is about to have something about it published, implying
mainstream media (he's already published it on his website). He's been
threatening this kind of thing for over a year.

I'm sending my response to the sockpuppet allegations in another
e-mail, which I'll copy to everyone on this list. I've already told
Jimbo that the MI5 allegation is pure fantasy.

The reason I'm writing this is that I'm becoming increasingly
concerned about the way Wikipedia responds when its editors and
administrators are under attack. This issue has been raised many
times, mostly by the people who've been cyberstalked, but the
discussions don't lead anywhere. Here, again, we have a situation
where a regular editor is being investigated (it appears) by the
Arbitration Committee as a result of abuse from a banned editor, and
is expected to spend time wading through nonsense on various attacks
sites in order to defend herself. The bottom line is that it sometimes
feel as if AGF and BLP apply to everyone except Wikipedians who are
being attacked by banned editors.

I therefore want to open up a discussion about this between the
Foundation, the ArbCom, people who've expressed concern about
cyberstalking, and the victims of it, most of whom are administrators
who were targeted for doing their jobs. The consequences of the
stalking have been very serious for us as individuals, but because we
all live in our little bubbles and don't talk about it much, the
seriousness of the situation has perhaps not struck home forcefully
enough.

The editors on this list include someone who has had to move house
because of cyberstalking; someone who had to pretend that her mother
had died in order to stop the harassment of her family; two people
accused of being paid to edit Wikipedia by intelligence agencies;
various people who've had their names, addresses, and photographs
published; at least two people who've been named and accused of
pedophilia; one person whose disabled father was threatened with
violence; one person who had to stop editing because the stalkers were
going to contact her employer with various allegations; one person who
was investigated by the police after a stalker told his university
that he might have murdered someone; a lawyer named for alleged
inappropriate behavior; people named as having various sexual
preferences that their friends or families don't know about; and
people whose employment possibilities have been undermined, perhaps
for the rest of their lives, because of the seriousness of the
allegations against them.

At least seven of us are women. Whether that makes any difference to
the intensity of the stalking, I don't know. I feel it does, but I
know others disagree. In my own case, my appearance has been discussed
in detail, what kind of bra I wear, whether I've slept with people to
get jobs in real life, whether I'm a whore, whether I enjoy having sex
with young boys, and whether I'm worried about being raped.

Most of the time, the police can't or won't help, because it involves
the Web, and the laws governing cyberspace are complex and differ
around the world. Libel lawyers are expensive, and the stalkers often
don't have assets worth suing for anyway. So it's difficult to know
how or whether to respond.

Everyone accepts that there's a limit to how much the Foundation can
help, primarily because of limited funds. But the lack of help seems
to go beyond money issues. I'm not aware of anyone who has received
even the most rudimentary legal advice, although maybe there has been
help that I don't know about. I do know that a few people under attack
have written expressing concern and received no response. Perhaps the
issue is that the Foundation's legal position is that it's not a
publisher, and therefore it can't be seen to involve itself in these
situations. The problem with that position is that it leaves those
under attack swinging in the wind.

What's worse than that, though, is that editors who are attacked
sometimes find themselves being accused again via the mailing list or
the ArbCom. And the admins who help those editors end up in more
trouble from the stalkers, then from the ArbCom again.

In my own case, I've been attacked a lot because, as an administrator,
I went to the assistance of editors who were being outed. I helped
Iron Duke who was being outed by a banned user, who turned on me, and
ended up posting a great deal of nonsense about me to Wikipedia Review
(I won't name him because he and I have reached a rapprochement). The
attacks on me from WordBomb stem from my helping Mantanmoreland, who
was being outed by WordBomb. There are many other examples where the
attacker switched his attention to the admin who blocked him for the
original offence, and that admin became the main enemy.

ElinorD and Quadell have been criticized for helping me. Jayjg has
been threatened with losing oversight because he deleted some early
edits of mine that I feared would identify me. This was after I
received threats of violence from an obvious lunatic on Wikipedia
Review who lives in the same country as me, yet the admin I turned to
for help is now facing sanctions. MONGO ended up being desyopped
because his response to being attacked was seen as inappropriate.

Admins who deal with these situations need strong and consistent
support from the Foundation and the ArbCom, and if they're not
reacting as well as they might, they need constructive advice, not
more criticism. Instead, we find ourselves being investigated, months
or even years after the fact, when the details are long forgotten, and
all that's remembered is the banned editors' increasingly ludicrous
allegations. It seems to me that, if you say something loudly enough
and often enough, someone from the Foundation or ArbCom will end up
believing it. I'm sorry to say this, and I know it doesn't apply to
the vast majority of you. But it only takes one or two.

After my recent experience of being slashdotted based on the MI5
allegation, I received more e-mails of support from Wikipedians than
I've had time to reply to. They included people I know and like,
people I barely know, people I don't know, and people I've been in
serious content disputes with, who offered their unconditional
support. The response was very moving, and it taught me that the
overwhelming majority of this community is decent and honorable, and
has no time for this nonsense. But it's the very, very small number of
people who extend good faith to the troublemakers -- but not to the
Wikpedian under attack -- who become the squeakiest wheels.

Something has to change about this situation. It's only a matter of
time before someone ends up being physically attacked, or even turns
on themselves in distress. The stalking is *incredibly* upsetting, and
the lack of support from the Foundation or ArbCom feels like the last
straw. It's impossible to explain to people who've never experienced
it how disorienting the situation can be. In my own case, when it
first started, I'd find myself bursting into tears for no reason,
losing sleep, not eating properly, worrying all the time, with a
constant feeling of nausea in the pit of my stomach. In the end, I
stopped reading the websites publishing it, and that helped a lot. Now
I have to read it all again to defend myself to the ArbCom.

I was going to include some background on WordBomb/Judd Bagley for
those of you not familiar with him, but this e-mail is getting long,
so I'll send it separately. The important point is that he is a
*professional* spin doctor, who has been outed by the mainstream media
for cyberstalking, so he has zero credibility. Yet for some reason his
threats are being taken seriously by Wikipedia.

I hope this e-mail stimulates a debate that leads to a change of
mindset about defending Wikipedians. It's only going to get worse the
more popular WP becomes, so we need a strategy. Any one of us might
block the wrong person at the wrong time, and find ourselves in the
middle of this nonsense, so please don't think: "There's no smoke
without fire, and it could never happen to me." Not true.

Sarah
Malice's note: Ach, we've found the genesis of the secret "Cyberstalking" list.