How effective is checkuser? Options

[anthony]

Really? Where's the database schema? I'm pretty sure there's a field there for exactly that piece of information.

The database schema is here, I think.

The last time I looked at it before today, it was in recent_changes. But that was relatively a long time ago, at least in Internet time. It has changed much since then.

This post has been edited by anthony: Thu 31st December 2009, 7:50pm

[John Limey]

Another quick thought - might a long lag time between sock creation and first edit raise any suspicions?

I try to avoid it as it looks odd. It's the kind of thing that would probably never be noticed, but if someone did notice, they'd wonder.

Another good tactic to keep in mind is yo have the accounts disagree with each other in contentious debates. Pick an issue you don't care about, but lots of people do and have one account take each side. Why would anyone sock just to disagree with himself? Be careful when doing so not to be so vocal as to draw too much attention to yourself or so far on one side as to suspected of being a straw man.

[MBisanz]

Really? Where's the database schema? I'm pretty sure there's a field there for exactly that piece of information.

The database schema is here, I think.

The last time I looked at it before today, it was in recent_changes. But that was relatively a long time ago, at least in Internet time. It has changed much since then.

It was moved from RC to its own table at least since late-2007ish.

[CharlotteWebb]

User-agent identification has been there for a pretty long time, at least since 2007. It is of course easily spoofable; some pranksters knowing they're going to be checked have left secret messages in their string for that reason.

[Krimpet]

I can understand why they got rid of the feature of including the IP addresses in the history (since it generally reveals your location), but in hindsight at that point they probably should have instituted some sort of "one username per person" policy, and given themselves at least a rough method of enforcing it (like an email address which could be passively checked after-the-fact or something).

I personally don't understand the anxiety over having one's IP address revealed. The Internet wasn't designed to be anonymous; your IP address is always going to be known to every host you communicate with. It's akin to your license plate, not your home address; everywhere you go with your car, it's going to be parked outside and someone can look at it and determine your home country and state (and even sometimes county) and track your movements if they have the resources. But no reasonable person would try to hide their license plate from public view.

Anyone with a legitimate need for anonymity (living under an oppressive regime, blowing the whistle on a powerful company, being targeted by organized crime, etc.) can simply use an anonymizing proxy and acknowledge why they're doing so. (And if someone uses an proxy without providing a reason, they can probably be considered suspicious.) But otherwise, most users shouldn't worry about keeping their IP address private.

[Lar]

It's not very effective at all.

[anthony]

I can understand why they got rid of the feature of including the IP addresses in the history (since it generally reveals your location), but in hindsight at that point they probably should have instituted some sort of "one username per person" policy, and given themselves at least a rough method of enforcing it (like an email address which could be passively checked after-the-fact or something).

I personally don't understand the anxiety over having one's IP address revealed. The Internet wasn't designed to be anonymous; your IP address is always going to be known to every host you communicate with. It's akin to your license plate, not your home address; everywhere you go with your car, it's going to be parked outside and someone can look at it and determine your home country and state (and even sometimes county) and track your movements if they have the resources. But no reasonable person would try to hide their license plate from public view.

O RLY? "Watch out for things like license plate numbers on cars or images of the outside of your home which might accidentally appear in the background of a video and help a stranger to track you down." http://www.google.com/support/youtube/bin/...k&answer=126263

Personally, I know how easy it is for anyone with half a brain and 15 minutes of spare time, to figure out my home address, so I don't bother trying to hide the city I live in (which is about the maximum amount of geolocation easily revealed by my IP address). But not everyone feels that way about things, and I don't blame them for it.

Furthermore, not wanting to reveal one's IP address isn't always a matter of anonymity. There are lots of reasons why someone might use their real name but still not want to reveal their IP address. Which brings us to...

Anyone with a legitimate need for anonymity (living under an oppressive regime, blowing the whistle on a powerful company, being targeted by organized crime, etc.) can simply use an anonymizing proxy and acknowledge why they're doing so. (And if someone uses an proxy without providing a reason, they can probably be considered suspicious.) But otherwise, most users shouldn't worry about keeping their IP address private.

I don't buy it. You're telling me if I ask for an account, saying that I live in an oppressive regime, that my request will be granted? That's just too easy.

Besides, what counts as an oppressive regime? I'd rather not have the US government compiling information about what websites I visit. If Tor wasn't so slow, and wasn't so commonly blocked, and if all the websites I log into offered https connections so my passwords/cookies couldn't be stolen by the proxies, I'd probably use Tor for everything.

It's not very effective at all.

Certainly not very efficient. It's amusing when you think about how much time some people are wasting so that account creation can be 15 seconds shorter.

But no reasonable person would try to hide their license plate from public view.

By the way, what's your license plate number?

[Ather]

But no reasonable person would try to hide their license plate from public view.

By the way, what's your license plate number?

Here in England the police are rapidly developing a country-wide ANPR system to ultimately log all journeys. Creepy or what?

This post has been edited by Ather: Thu 31st December 2009, 10:15pm

[Text]

How effective is checkuser?

Poetlister, Mantanmoreland, and whoever else

There is no rule that can't be broken if you are persistent and dedicated enough.

But is it worth it? Poetlister lost a job for a stupid hobby...


This post has been edited by Text: Fri 1st January 2010, 1:53am

[Cock-up-over-conspiracy]

There are Firefox add-ons for changing your browser string and your referrer. If you're going to sock, then use them.

The only addition I would make is that if you are playing around with changing your browser string, also change your screen resolution to match each "user". Make it a little bit harder for them.

I would agree though that CU admins will:

a) lie if necessary
b) guess blind
c) get it complete wrong
d) defy all logic if necessary
e) keep copies of data for far longer than 3 months on home computers. I have seen Thatcher admit to this and he is amongst the more honest and principled of them. That would suggest to me that the less honest and principled of them are up to much worse.

Just understand that Pee-dia admins really don't have to care at all and some admins will throw blocks around anyway. They are into repression.

Its a game. You are likely to get caught out for other stuff. But it might be a good exercise to develop various characters if you are interested in developing your screenwriting, or investigative skills. Look upon it positively and make some good out of it.

Never hit that submit button in a moment of emotion. If you ever blow your own cover by not logging in ... just kill the operative ID and IP.

I hope you are using all this for something remotely ethical. The Pee-dia needs more ethical activists.

[Peter Damian]

I always take the opportunity to create a new sock (I currently have quite a substantial portfolio of sleepers)

I thought you said all this info is needed purely for research purposes?

This post has been edited by Peter Damian: Fri 1st January 2010, 2:34pm

[taiwopanfob]

e) keep copies of data for far longer than 3 months on home computers. I have seen Thatcher admit to this and he is amongst the more honest and principled of them. That would suggest to me that the less honest and principled of them are up to much worse.

The amount of space needed to store the uid/IP bindings and all other wiki-surveillance output for the entire history of Wikipedia would be microscopic compared to the rest of the database.

This is a strong hint that any storage limits that supposedly exist are for a purpose other than mere disk space.

The privacy charade?

Which in turn suggests that anyone off-lining the data may not be operating within the Rules and Regulations. But even if permitted, how could such "evidence" be the basis for any argument? Thatcher or anyone else can synthesize any amount of "evidence" and declare they downloaded it from the inner sanctum before it was -- conveniently -- erased.

[MZMcBride]

I received an e-mail from the Arbitration Committee regarding my initial post in this thread. The e-mail expressed how the post was, "to put it lightly, causing consternation."

I've replied to the e-mail. We'll wait to see what happens next. Playing out the various scenarios in my head, I wonder if I were de-adminned for such a thing, if Mike Godwin (a hardy free speech advocate) would step in....

[Krimpet]

I received an e-mail from the Arbitration Committee regarding my initial post in this thread. The e-mail expressed how the post was, "to put it lightly, causing consternation."

I've replied to the e-mail. We'll wait to see what happens next. Playing out the various scenarios in my head, I wonder if I were de-adminned for such a thing, if Mike Godwin (a hardy free speech advocate) would step in....

(Security through obscurity is almost always a terrible idea, of course.)

This post has been edited by Krimpet: Fri 1st January 2010, 8:14pm

[Lar]

I received an e-mail from the Arbitration Committee regarding my initial post in this thread. The e-mail expressed how the post was, "to put it lightly, causing consternation."

I've replied to the e-mail. We'll wait to see what happens next. Playing out the various scenarios in my head, I wonder if I were de-adminned for such a thing, if Mike Godwin (a hardy free speech advocate) would step in....

Everything you have in that list has already been made publicly available somewhere. So you're not revealing any actual secrets. What you're doing is putting things in a nice neat package.

Everything Daniel Brandt has on Hivemind has already been made publicly available somewhere. So he's not revealing any actual secrets. What he's doing is putting things in a nice neat package.

See the difference?

[MZMcBride]

I received an e-mail from the Arbitration Committee regarding my initial post in this thread. The e-mail expressed how the post was, "to put it lightly, causing consternation."

I've replied to the e-mail. We'll wait to see what happens next. Playing out the various scenarios in my head, I wonder if I were de-adminned for such a thing, if Mike Godwin (a hardy free speech advocate) would step in....

Everything you have in that list has already been made publicly available somewhere. So you're not revealing any actual secrets. What you're doing is putting things in a nice neat package.

Everything Daniel Brandt has on Hivemind has already been made publicly available somewhere. So he's not revealing any actual secrets. What he's doing is putting things in a nice neat package.

See the difference?

That's a fairly scurrilous comparison. Par for the course for the Review. Well done, or something.

[The Wales Hunter]

I just wish Wikipedia would bit the bullet and a) demand real, verified identities and b) showed IP addresses with every edit.

Simples.

[Kelly Martin]

I received an e-mail from the Arbitration Committee regarding my initial post in this thread. The e-mail expressed how the post was, "to put it lightly, causing consternation."

I've replied to the e-mail. We'll wait to see what happens next. Playing out the various scenarios in my head, I wonder if I were de-adminned for such a thing, if Mike Godwin (a hardy free speech advocate) would step in....

What, your guide to socking? There's nothing in there that isn't widely known anyway.

Then again, Wikipedia still hasn't learned the lesson of Pandora's Box; they have entire policies based on the principle that you can stuff the demon back into the box.

Everything you have in that list has already been made publicly available somewhere. So you're not revealing any actual secrets. What you're doing is putting things in a nice neat package.

Everything Daniel Brandt has on Hivemind has already been made publicly available somewhere. So he's not revealing any actual secrets. What he's doing is putting things in a nice neat package.

See the difference?

Yes, nothing in MZMcBride's article amounts to revealing personal information about private (or even semi-private, or for that matter public) individuals.

Then again, the ArbCom has always been far more concerned about its institutional perogatives than about the privacy of individuals.

In any case, in case someone decides that the "guide" is too harmful to remain here, I've put a copy up on my website.

[LessHorrid vanU]

If I wanted to run several accounts how likely is checkuser to pick me up? If I changed my IP each time I logged on how would they trap me? How long to they log IP addresses for? Do they keep a permanent record of my account creation IP? Do they record me logging on but not editing? What other info do they store and for how long? All this info is needed purely for research purposes

The technical stuff doesn't matter, really. Following the advice given will merely help. If you want to run several accounts just to see if it is possible then you will likely succeed. If you want to run several accounts to have an interest promoted or demoted you will likely eventually fail, as the patterns will start to match up unless you are supremely disciplined, very lucky and have someone on the inside watching your back. If you want to run several accounts to show how clever you are, you will quickly fail - because what is cleverness without recognition?

[Lar]

I received an e-mail from the Arbitration Committee regarding my initial post in this thread. The e-mail expressed how the post was, "to put it lightly, causing consternation."

I've replied to the e-mail. We'll wait to see what happens next. Playing out the various scenarios in my head, I wonder if I were de-adminned for such a thing, if Mike Godwin (a hardy free speech advocate) would step in....

Everything you have in that list has already been made publicly available somewhere. So you're not revealing any actual secrets. What you're doing is putting things in a nice neat package.

Everything Daniel Brandt has on Hivemind has already been made publicly available somewhere. So he's not revealing any actual secrets. What he's doing is putting things in a nice neat package.

See the difference?

That's a fairly scurrilous comparison. Par for the course for the Review. Well done, or something.

It wasn't intended to be scurrilous.

Just to highlight that security through obscurity doesn't work... and that while I'm happy to help try to put things (like people's identities once they decide the want not to be linked any more) back in boxes, that often doesn't work either... and finally to show that it's easy enough to make knee jerk comparisions but evaluating what really matters isn't easy at all.