[Checkuser-l] User:Kristen Eriksen and User:Crimp It!, CUs are good, aren't they? Options

[culeaker]

[jayjg] 25/08/2008

Why has User:Krimpet tagged User:Crimp It! as a sock of User:Kristen
Eriksen? Occam's Razor would suggest that Crimp It! is exactly what it
appears to be: someone who goes to the same university as Eriksen, and
is harassing her. Is there other information that would strongly
suggest otherwise?


[Thatcher131] 25/08/2008

San Jose State has very few editors, at least in the last 3 month, and
she doesn't say where she is from. I think Occam would grant that at
the very least, Crimp It! is a friend of Kristen's who knows about her
editing. (Otherwise, what are the odds of a stalker coming from the
same place as the target if the target's location has not been
publicly disclosed.) And do we usually give a lot of weight to the
"it was my friend/roommate/happened to use the same library PC as me"
excuse?

I am in general quite suspicious of Kristen. Her user page was
targeted for Grawp-style 4chan vandalism when her account was less
than a couple days old. That's a pretty narrow window of time for the
account to be discovered at random.


[jayjg] 25/08/2008

On Mon, Aug 25, 2008 at 12:33 PM, Thatcher131 wrote:
> San Jose State has very few editors, at least in the last 3 month, and
> she doesn't say where she is from. I think Occam would grant that at
> the very least, Crimp It! is a friend of Kristen's who knows about her
> editing.

It looks to me like Crimp It! is an acquaintance of Kristen's who
knows about her editing. Perhaps even a friend who thinks it's funny
to mess around with her.

> (Otherwise, what are the odds of a stalker coming from the
> same place as the target if the target's location has not been
> publicly disclosed.) And do we usually give a lot of weight to the
> "it was my friend/roommate/happened to use the same library PC as me"
> excuse?

Not usually, but the "friend/roommate" accounts usually do supportive
stuff, like !vote in support, edit-war on their behalf, etc. They
don't usually try to get their articles deleted.

> I am in general quite suspicious of Kristen. He user page was
> targeted for Grawp-style 4chan vandalism when her account was less
> than a couple days old. That's a pretty narrow window of time for the
> account to be discovered at random.


[Alison Cassidy] 25/08/2008

That's a good point. It is possible that this is all and attempt to
disrupt Wikipedia with good-hand/bad-hand accounts. But a lot of
effort has been put into that "good-hand" account, more than usual.

I'm inclined to agree with Thatcher here. I also ran a check and came
to a similar conclusion. Suspicions here, too (IMG:smilys0b23ax56/default/tongue.gif)

It might be for the best to simply indef the sock and remove the
suggestion they're connected. If there *is* any funny business going
on with that account, and there may well be, I reckon we'll be back
discussing it here anyway. There are a lot of eyes now watching that
account, including half of WR, from what I can see ....

-- Allie


[Thatcher131] 25/08/2008

On Mon, Aug 25, 2008 at 12:54 PM, jayjg <jayjg99@gmail.com> wrote:
> On Mon, Aug 25, 2008 at 12:33 PM, Thatcher131 <thatcher131@gmail.com> wrote:
>> San Jose State has very few editors, at least in the last 3 month, and
>> she doesn't say where she is from. I think Occam would grant that at
>> the very least, Crimp It! is a friend of Kristen's who knows about her
>> editing.
>
> It looks to me like Crimp It! is an acquaintance of Kristen's who
> knows about her editing. Perhaps even a friend who thinks it's funny
> to mess around with her.

SJS has a /16 but although Crimp It! and Kristen are on different IPs,
they are on the same /24, which sounds to me like a library. I also
think the choice of name is suspicious if this is someone who is not
an experienced wikipedian and who decided to bug his/her friend.

Frankly, when I saw San Jose the first thing I thought of was Amorrow.
Are we sure he is still in jail?

> That's a good point. It is possible that this is all and attempt to
> disrupt Wikipedia with good-hand/bad-hand accounts. But a lot of
> effort has been put into that "good-hand" account, more than usual.

Kristen has not been blocked, and there is a relatively polite request
for an explanation on her talk page. Let's see what she has to say.

Thatcher


[jayjg] 25/08/2008

On Mon, Aug 25, 2008 at 1:54 PM, Alison Cassidy <cooties@mac.com> wrote:
> I'm inclined to agree with Thatcher here. I also ran a check and came
> to a similar conclusion. Suspicions here, too (IMG:smilys0b23ax56/default/tongue.gif)
>
> It might be for the best to simply indef the sock and remove the
> suggestion they're connected. If there *is* any funny business going
> on with that account, and there may well be, I reckon we'll be back
> discussing it here anyway. There are a lot of eyes now watching that
> account, including half of WR, from what I can see ....

That makes sense to me.


[Alison Cassidy] 25/08/2008

On Aug 25, 2008, at 11:06 AM, Thatcher131 wrote:

> Frankly, when I saw San Jose the first thing I thought of was Amorrow.
> Are we sure he is still in jail?


That was also asked recently by someone else. Andrew Morrow is still
in Santa Clara County Jail and won't be released until September 15.
This is something I'm watching rather closely myself as I'll have to
get back into vigilant-mode when he's released (and I'm not talking
about Wikipedia). Also, he never edited from SJSU.

-- Allie


[Alison Cassidy] 26/08/2008

And given that this whole issue has now spilled onto WP:AN, and that
it's mostly heat and not light right now, can we possibly post a
statement on this one way or another? The matter needs closure and
some sort of definitive answer, even if that answer is, "we're not
totally sure".

Thoughts?

-- Allie


[Larry Pieniazek] 26/08/2008

My view is that the consensus view is that it's somewhere between likely and
confirmed. (very likely, in other words... the three CUs that so far looked
at the results all think the same thing) It's reasonable to tag CI! as
"suspected" at any rate and reasonable to ask the questions that Krimpet
asked KE.

I don't know what John254 is thinking but I don't see his reasoning as
entirely sound. And his contributions to the matter are not very
constructive either. This is not the first time that I have not found his
contributions to a matter less than optimally constructive either.

Larry Pieniazek


[jayjg] 26/08/2008

Is that the consensus view? Does the user agent information match?
Although, if they're using a library, it probably would anyway.

[EricBarbour]

This stuff isn't even lukewarm. Please, something a little more spicy?

[culeaker]

This stuff isn't even lukewarm. Please, something a little more spicy?

Oh sorry, I just thought it was funny. (IMG:smilys0b23ax56/default/unhappy.gif) And it's more recent than some of the stuff Malice was serving up.

[carbuncle]

This stuff isn't even lukewarm. Please, something a little more spicy?

Oh sorry, I just thought it was funny. (IMG:smilys0b23ax56/default/unhappy.gif) And it's more recent than some of the stuff Malice was serving up.

That's just Eric's way of saying "Welcome to WR". First the arbcom list and now the checkuser list - just how leaky is the WMF set-up?

[melloden]

This stuff isn't even lukewarm. Please, something a little more spicy?

Oh sorry, I just thought it was funny. (IMG:smilys0b23ax56/default/unhappy.gif) And it's more recent than some of the stuff Malice was serving up.

That's just Eric's way of saying "Welcome to WR". First the arbcom list and now the checkuser list - just how leaky is the WMF set-up?

Now who are you, culeaker? Former ArbCommie? Or a rogue CU?

[gomi]

Now who are you, culeaker? Former ArbCommie? Or a rogue CU?

A concerned citizen? Perhaps you should leave it at that melloden. It's not polite around here to ask about people's WP identities if they don't wish to reveal them.

[culeaker]

Now who are you, culeaker? Former ArbCommie? Or a rogue CU?

Rogue?

Seriously, the trouble with [Checkuser-l] lately is it's been stultifyingly boring. There are two reasons for this:

* Good CUs are frightened to post because other CUs might leak, so they just e-mail a couple of other CUs they trust rather than broadcast it.

* Conversely, bad CUs don't want to expose what they are doing to general scrutiny so they also just e-mail a couple of other CUs they trust rather than broadcast it.

Thus there aren't that many really juicy threads lately - sorry.

One of the myths of CU is that the CUs continually monitor each other to stop abuse. Not so - it's feasible on a small wiki with only a few CUs but quite out of the question on EN:WP with the volume of checks. I couldn't possibly query everything.

[Heat]

Now who are you, culeaker? Former ArbCommie? Or a rogue CU?

Rogue?

Seriously, the trouble with [Checkuser-l] lately is it's been stultifyingly boring. There are two reasons for this:

* Good CUs are frightened to post because other CUs might leak, so they just e-mail a couple of other CUs they trust rather than broadcast it.

* Conversely, bad CUs don't want to expose what they are doing to general scrutiny so they also just e-mail a couple of other CUs they trust rather than broadcast it.

Thus there aren't that many really juicy threads lately - sorry.

One of the myths of CU is that the CUs continually monitor each other to stop abuse. Not so - it's feasible on a small wiki with only a few CUs but quite out of the question on EN:WP with the volume of checks. I couldn't possibly query everything.

Maybe you could show us what a checkuser report looks like?

[melloden]

Now who are you, culeaker? Former ArbCommie? Or a rogue CU?

A concerned citizen? Perhaps you should leave it at that melloden. It's not polite around here to ask about people's WP identities if they don't wish to reveal them.

Obviously he's not going say what it is. I was just curious as to what he would say instead.

Now who are you, culeaker? Former ArbCommie? Or a rogue CU?

Rogue?

Seriously, the trouble with [Checkuser-l] lately is it's been stultifyingly boring. There are two reasons for this:

* Good CUs are frightened to post because other CUs might leak, so they just e-mail a couple of other CUs they trust rather than broadcast it.

* Conversely, bad CUs don't want to expose what they are doing to general scrutiny so they also just e-mail a couple of other CUs they trust rather than broadcast it.

Thus there aren't that many really juicy threads lately - sorry.

One of the myths of CU is that the CUs continually monitor each other to stop abuse. Not so - it's feasible on a small wiki with only a few CUs but quite out of the question on EN:WP with the volume of checks. I couldn't possibly query everything.

Maybe you could show us what a checkuser report looks like?

(IMG:http://upload.wikimedia.org/wikipedia/commons/thumb/6/6a/CheckUser3.png/500px-CheckUser3.png)
(IMG:http://upload.wikimedia.org/wikipedia/commons/thumb/8/80/CheckUser2.png/500px-CheckUser2.png)

[No one of consequence]

* Good CUs are frightened to post because other CUs might leak, so they just e-mail a couple of other CUs they trust rather than broadcast it.

Gosh, why would they think that?

Jackass.

[culeaker]

* Good CUs are frightened to post because other CUs might leak, so they just e-mail a couple of other CUs they trust rather than broadcast it.

Gosh, why would they think that?

Jackass.

Thatcher, I'm not accusing you of anything.

[No one of consequence]

* Good CUs are frightened to post because other CUs might leak, so they just e-mail a couple of other CUs they trust rather than broadcast it.

Gosh, why would they think that?

Jackass.

Thatcher, I'm not accusing you of anything.

Um, what?

You complain that the list is boring because people are afraid of leaks, yet you are a leaker.

You made an implicit (or explicit) pledge to keep CU business confidential, but you broke that pledge not because of some overriding moral imperative to expose a wrong, but for giggles.

Indeed, I'm not sure what the point of this particular leak was from the beginning. I don't recall the details but from reading the post it seems to show Alison and I being cautious and Jayjg being a bit naive. And your point is?

[Alison]

You complain that the list is boring because people are afraid of leaks, yet you are a leaker.

You made an implicit (or explicit) pledge to keep CU business confidential, but you broke that pledge not because of some overriding moral imperative to expose a wrong, but for giggles.

^^^ this ^^^

I fail to see the point to any of this, seeing as the only thing to get spilled here was the whereabout and the college where User:Kristen Eriksen edits from (IMG:smilys0b23ax56/default/dry.gif)

If anyone wants to know what Checkuser looks like from the inside, just look here or here or here. No b1g s3kr1t (IMG:smilys0b23ax56/default/rolleyes.gif)

[gomi]

No doubt culeaker wanted to start with something relatively innocuous to test the waters. I know that's what I would do. (IMG:smilys0b23ax56/default/evilgrin.gif)

The real question is what could really be learned by a dedicated Checkuser mole, and I suspect that the answer is "not much". I'd be interested in Jayjg's IP address history, so we could track down that shadowy figure, but he's about the last mystery of that nature left.

Vis-a-vis real smoking guns, there are probably some in the CU logs, but they would be stupefyingly boring to go through, what with the need for a bunch of cross-correlation between various IP addresses at various times and real goings-on in the world and the Wiki. I have no doubt that there is a ton of deep CU abuse tucked away in those logs, unfair blocks, fishing expeditions, and whatnot, but the level of dedication required to expose it is high and the likelihood of causing any real change is about zero.

Checkusers -- including the "nice" ones -- are the lieutenants of a corrupt army: you could shoot each and every one of them and there would be another to take their place. The same with admins, as the grunt soldiers.

I hope that CuLeaker continues to post, but don't stand around and wait for a bombshell.

[Milton Roe]

You complain that the list is boring because people are afraid of leaks, yet you are a leaker.

You made an implicit (or explicit) pledge to keep CU business confidential, but you broke that pledge not because of some overriding moral imperative to expose a wrong, but for giggles.

^^^ this ^^^

I fail to see the point to any of this, seeing as the only thing to get spilled here was the whereabout and the college where User:Kristen Eriksen edits from (IMG:smilys0b23ax56/default/dry.gif)

As well as the college (San Jose State) from which John254 ran his sockfarm, which was a pretty impressive one. Since of course John254 was running Kristen Eriksen, and many others. As Rootology suspected.

http://en.wikipedia.org/wiki/Category:Wiki...pets_of_John254

We thought John254's gallant defense of "Kristen" was just due to hormones or something, but it was really a diversion. In particular, there's this bit where he gives "her" a userbox tag with Joseph McCarthy on it, as a "victim" who'd been "checkusered for nothing." Worth seeing. It's Baxteresque. One cannot get directly to the Kristen Eriksen TALK page anymore, but it's available here, and it all makes good reading in retrospect:

Now, what about this GRAWP edit:

http://en.wikipedia.org/w/index.php?title=...oldid=249451592

So, Alison. Mind explaining the inside joke? Since this person "Krimpet's tasty cake" seems related to Crimp It!, and Crimp It! is a sock of Kristen Eriksen and thus undoubtedly yet another John254 sock (if A is a sock of B and B is a sock of C, how can A not be a sock of C?), how does this edit, which seems a Jeremy Hansen/GRAWP edit, fit in? Hansen is at CSULB, no? Not SJSU. Is there any reason to think the John254 farm has anything to do with GRAWP?

[No one of consequence]

Now, what about this GRAWP edit:

http://en.wikipedia.org/w/index.php?title=...oldid=249451592

So, Alison. Mind explaining the inside joke? Since this person "Krimpet's tasty cake" seems related to Crimp It!, and Crimp It! is a sock of Kristen Eriksen and thus undoubtedly yet another John254 sock (if A is a sock of B and B is a sock of C, how can A not be a sock of C?), how does this edit, which seems a Jeremy Hansen/GRAWP edit, fit in? Hansen is at CSULB, no? Not SJSU. Is there any reason to think the John254 farm has anything to do with GRAWP?

On August 17, 2008, just 3 days after Kristen Eriksen's first edit, the user talk page was vandalized in "Grawp-style." (The edits are deleted but viewable to admins.) I say Grawp-style, not Grawp, because I suspect they were not the real Grawp. The edits came from IP addresses, not accounts, the 5 IP addresses involved were from 5 different ISPs on 3 different continents, and each IP address committed a single act of vandalism (to user talk:Kristen Eriksen), while the real Grawp would line up dozens of edits and save then en mass until blocked. So on balance, I suspect that this was John254 himself using open proxies or tor to create sympathy vandalism.

User:Krimpets Tasty Cake may or may not have been the real Grawp, I don't have access to information either way. But Krimpet made a lot of enemies, for various reasons, so the fact that two harassment accounts were created is not, without more, proof that they were created by the same person.

It seems unlikely for various reasons that John254 would be Grawp or a friend of Grawp. But I could be wrong.

[SB_Johnny]

You made an implicit (or explicit) pledge to keep CU business confidential, but you broke that pledge not because of some overriding moral imperative to expose a wrong, but for giggles.

Damn straight. (IMG:smilys0b23ax56/default/hrmph.gif)

I spentwasted enough time reading the cu mailinglists to know how dull and boring the chatter is, but I never felt compelled to share the dull and boring chatter just to impress people on WR. There's also a sufficient number of current and retired CUs lurking and skulking about the place who have already pointed out the dull and boring qualities, so it's not like you're breaking any news here.

To qualify as a CU, aren't you supposed to be an adult? (IMG:smilys0b23ax56/default/dry.gif)

I fail to see the point to any of this, seeing as the only thing to get spilled here was the whereabout and the college where User:Kristen Eriksen edits from (IMG:smilys0b23ax56/default/dry.gif)

Which probably doesn't matter to anyone, so no biggie, thinks Mr. Leaky. Unless it does matter to someone, and it's for the wrong reason. (IMG:smilys0b23ax56/default/fear.gif)

[Detective]

Now, what about this GRAWP edit:

http://en.wikipedia.org/w/index.php?title=...oldid=249451592

Interesting. This sock made all its edits on 11 November 2008.

http://en.wikipedia.org/wiki/Special:Contr...pets_Tasty_Cake

It was blocked two weeks later by Krimpet, who was obviously a highly involved admin. Clearly, there was no urgency to make the block, if it was necessary at all. So why was an involved admin allowed to make the block?

To qualify as a CU, aren't you supposed to be an adult? (IMG:smilys0b23ax56/default/dry.gif)

Yes, SBJ, you are supposed to be.

[Alison]

Now, what about this GRAWP edit:

http://en.wikipedia.org/w/index.php?title=...oldid=249451592

So, Alison. Mind explaining the inside joke? Since this person "Krimpet's tasty cake" seems related to Crimp It!, and Crimp It! is a sock of Kristen Eriksen and thus undoubtedly yet another John254 sock (if A is a sock of B and B is a sock of C, how can A not be a sock of C?), how does this edit, which seems a Jeremy Hansen/GRAWP edit, fit in? Hansen is at CSULB, no? Not SJSU. Is there any reason to think the John254 farm has anything to do with GRAWP?

Pretty much as Thatcher put it, although "Krimpet's tasty cake" is almost certainly JtV/'Text' - it's totally his style, especially the image use and the fact that he's trolling on the Jeremy Hanson article. Grawp/JarlaxleArtemis would never do that, given that he spent a huge amount of effort removing his self-admitted dox from Wikipedia and Commons (IMG:smilys0b23ax56/default/rolleyes.gif) (IMG:smilys0b23ax56/default/laugh.gif)

Also, it's clear that CULeaker only has access to the mailing list archives (which are now gone, AFAIK). The real interesting stuff would be in the CU logs (IMG:smilys0b23ax56/default/tongue.gif) All those CU checks that were entered where the 'comments' field was never filled out. In fact, Thatcher once hauled up a now-'retired' CU for doing exactly that, a few years back.

[culeaker]

Also, it's clear that CULeaker only has access to the mailing list archives (which are now gone, AFAIK). The real interesting stuff would be in the CU logs

Dear old Alison, still leaping to conclusions without any facts. Would you prefer me to upload a chunk of the CU log?

For the uninitiated, the log only shows that a checkuser has done a check, not the results. However, if you see a check on a user followed by checks by the same person on three IPs, and then on two more accounts, it's pretty easy to join the dots. That's why the logs are top secret.

Actually, the most interesting things are what aren't in the log. If someone is blocked as a sockpuppet on "technical evidence" and there is nothing in the log, there's something fishy happening.