Printable Version of Topic
Click here to view this topic in its original format
_ General Discussion _ Effectiveness of checkuser
Posted by: Peter Damian
I'm working on a document that is a detailed and point by point comment on WMUK's submission to the charity commission, July and September 2011. Note this is not public yet, as 'dogbiscuit' got access to a copy privately via FOI. The document (which I strongly believe was written by our friend 'Fae') contains many misleading or downright inaccurate claims.
Section 13.3.8 of the submission says ""There is also “CheckUser†software that enables a small number of selected and vetted volunteers to establish, in many cases, whether two editors are from the same ISP, and often where that ISP is located. This information is mostly used to detect blocked editors who try to return under a different account name. "
My experience of checkuser is that it is almost completely ineffective as a control over determined, intelligent users, and that evaders are usually caught out by stupidity or carelessness, rather than by the software itself. Examples are the easily availability of dynamic IPs (such as my own service provider, who kindly change my IP daily), the availability of 'hot spots' (public wifi networks), internet cafes, use of proxies.
Any other ideas to contribute to this section? I would be particularly interested in narratives or stories from experienced evaders.
As always, my email is edward at logicmuseum.com.
Posted by: thekohser
It sounds like you've about got it covered, honestly.
You might want to add that CheckUser produces many false positives (when a dynamic IP happens to get assigned to another customer of your same ISP, or when a public wi-fi node is used by different Wikipedians). And (in WP's defense), the CheckUser also produces "user agent info" that can help to very clearly confirm that the same computer hardware is being used by multiple accounts.
Posted by: Peter Damian
QUOTE(thekohser @ Sat 31st December 2011, 3:44pm) 
It sounds like you've about got it covered, honestly.
You might want to add that CheckUser produces many false positives (when a dynamic IP happens to get assigned to another customer of your same ISP, or when a public wi-fi node is used by different Wikipedians). And (in WP's defense), the CheckUser also produces "user agent info" that can help to very clearly confirm that the same computer hardware is being used by multiple accounts.
Thanks ! I've also mentioned that the user agent info (as far as I know) is a javascript add-on that is easily disabled. Anyone know about this?
I also need to add that dynamic IPs can sometimes be disabled using 'range blocks', but that this means thousands or tens of thousands of other users are also prevented from using Wikipedia effectively.
Posted by: melloden
QUOTE(Peter Damian @ Sat 31st December 2011, 3:49pm)
QUOTE(thekohser @ Sat 31st December 2011, 3:44pm)
It sounds like you've about got it covered, honestly.
You might want to add that CheckUser produces many false positives (when a dynamic IP happens to get assigned to another customer of your same ISP, or when a public wi-fi node is used by different Wikipedians). And (in WP's defense), the CheckUser also produces "user agent info" that can help to very clearly confirm that the same computer hardware is being used by multiple accounts.
Thanks ! I've also mentioned that the user agent info (as far as I know) is a javascript add-on that is easily disabled. Anyone know about this?
I also need to add that dynamic IPs can sometimes be disabled using 'range blocks', but that this means thousands or tens of thousands of other users are also prevented from using Wikipedia effectively.
I believe there is a Firefox add-on called https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/. I haven't tested whether it can fool checkuser, but I will do that sometime. Also, I think the Google Toolbar can affect the user agent.
Peter, have you ever played around with the checkuser interface? It's not very exciting, but it'll tell you everything you need to know about it.
Posted by: Peter Damian
QUOTE(melloden @ Sat 31st December 2011, 4:08pm)
QUOTE(Peter Damian @ Sat 31st December 2011, 3:49pm)
QUOTE(thekohser @ Sat 31st December 2011, 3:44pm)
It sounds like you've about got it covered, honestly.
You might want to add that CheckUser produces many false positives (when a dynamic IP happens to get assigned to another customer of your same ISP, or when a public wi-fi node is used by different Wikipedians). And (in WP's defense), the CheckUser also produces "user agent info" that can help to very clearly confirm that the same computer hardware is being used by multiple accounts.
Thanks ! I've also mentioned that the user agent info (as far as I know) is a javascript add-on that is easily disabled. Anyone know about this?
I also need to add that dynamic IPs can sometimes be disabled using 'range blocks', but that this means thousands or tens of thousands of other users are also prevented from using Wikipedia effectively.
I believe there is a Firefox add-on called https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/. I haven't tested whether it can fool checkuser, but I will do that sometime. Also, I think the Google Toolbar can affect the user agent.
Peter, have you ever played around with the checkuser interface? It's not very exciting, but it'll tell you everything you need to know about it.
Yes please. See email address above.
Posted by: Vigilant
QUOTE(Peter Damian @ Sat 31st December 2011, 3:31pm)
I'm working on a document that is a detailed and point by point comment on WMUK's submission to the charity commission, July and September 2011. Note this is not public yet, as 'dogbiscuit' got access to a copy privately via FOI. The document (which I strongly believe was written by our friend 'Fae') contains many misleading or downright inaccurate claims.
Section 13.3.8 of the submission says ""There is also “CheckUser†software that enables a small number of selected and vetted volunteers to establish, in many cases, whether two editors are from the same ISP, and often where that ISP is located. This information is mostly used to detect blocked editors who try to return under a different account name. "
My experience of checkuser is that it is almost completely ineffective as a control over determined, intelligent users, and that evaders are usually caught out by stupidity or carelessness, rather than by the software itself. Examples are the easily availability of dynamic IPs (such as my own service provider, who kindly change my IP daily), the availability of 'hot spots' (public wifi networks), internet cafes, use of proxies.
Any other ideas to contribute to this section? I would be particularly interested in narratives or stories from experienced evaders.
As always, my email is edward at logicmuseum.com.
There are many, many devices that allow for easy IP switching. Linux based routers, tethered smart phones, 3G to wifi local hotspots. There are many classes of device that allow you to change your IP immediately. If you combine these and either use different browsers or use a plugin that allows for browser string spoofing, there is literally no way for the checkuser tools to find you.
Posted by: Peter Damian
QUOTE(Vigilant @ Sat 31st December 2011, 5:02pm)
There are many, many devices that allow for easy IP switching. Linux based routers, tethered smart phones, 3G to wifi local hotspots. There are many classes of device that allow you to change your IP immediately. If you combine these and either use different browsers or use a plugin that allows for browser string spoofing, there is literally no way for the checkuser tools to find you.
If I may quote you almost verbatim on that? It has a nice authentic ring to it (tho' I have no idea what it means).
Posted by: Kelly Martin
The way British ISPs operate makes it difficult to geolocate users within Great Britain. This is partially because many ISPs service the entire country and so their IP pools may be allocated to locations anywhere in the entire country (and even in some cases outside the country). There are also "British" ISPs whose principal Internet point of presence is outside the UK and quite a few Brits who avail themselves of German, French, and Italian ISPs, all for various reasons. Also, UK hotspots provided by someone like, e.g., Starbucks, may end up appearing to be in the United States. It's well-known that all AOL users, including AOL UK users, will appear to be in Herndon, Virginia. So while IP information will sometimes be able to tell you where someone is, it's also the case that sometimes it will not even be able to tell you what continent they're on. And figuring out which often requires advanced knowledge of how the Internet works, something that very few checkusers have.
Checkuser can and will catch naive attempts to conceal identity. It catches most such attempts only because most people who try to do this are ignorant or stupid. Against those who know how to use proxy services, cache spoofing, and browser ID spoofing, the checkuser tool is virtually useless. Fortunately, there are fairly few people in this latter category.
Years ago, I caught one such person, who was running a large sockfarm to push a particular political point of view. He used a large network of proxies located literally all over the world, but mostly in Eastern Europe and Asia. I only caught him because he made mistakes; if he had been more careful at ensuring that sock A only used IP B (and so forth) I would never have caught him.
Posted by: Vigilant
QUOTE(Peter Damian @ Sat 31st December 2011, 5:28pm)
QUOTE(Vigilant @ Sat 31st December 2011, 5:02pm)
There are many, many devices that allow for easy IP switching. Linux based routers, tethered smart phones, 3G to wifi local hotspots. There are many classes of device that allow you to change your IP immediately. If you combine these and either use different browsers or use a plugin that allows for browser string spoofing, there is literally no way for the checkuser tools to find you.
If I may quote you almost verbatim on that? It has a nice authentic ring to it (tho' I have no idea what it means).
Feel free.
To expound:
* There are many classes of device where you can force a change of your IP. Anywhere a device acquires an IP address through DHCP (typically wirelessly). A wifi hotspot at Starbucks that sees your computer come into range will assign your computer a local IP address and wikipedia will see that particular Starbucks IP address (or one of their IP addresses) as the originator. Cross the street to another Starbucks and wikipedia will see a different IP.
* With 3G/4G (cellphone carrier) <--> PC (USB/Ethernet/Wifi) the situation gets better/worse. If you're using a 3G to Wifi hotspot (http://gizmodo.com/5256825/verizon-mifi-2200-3g-portable-wi+fi-hotspot-review (first hit on google)), then every time you power cycle the 3G router, you are given a new IP address.
* If you are tethering a smart phone, then power cycling will give you a new IP address.
* Agent spoofing is trivial. Firefox has plugins, there are dozens of ways to do this.
https://www.google.com/search?q=user+agent+spoofing
* To avoid exposing yourself if you're running sockpuppets, use a VM (VirtualBox, VMWare). You can install dozens of virtual machines, each running a differnet OS/Browser combination. Make a single account per VM and check the remember me button on wikipedia.
In summation, checkuser is feeble and the people who use it and expect results are even worse. They only catch the most lazy and incompetent sockpuppeteers. Or those who don't give a shit.
Posted by: Peter Damian
QUOTE(Vigilant @ Sat 31st December 2011, 5:54pm)
QUOTE(Peter Damian @ Sat 31st December 2011, 5:28pm)
QUOTE(Vigilant @ Sat 31st December 2011, 5:02pm)
There are many, many devices that allow for easy IP switching. Linux based routers, tethered smart phones, 3G to wifi local hotspots. There are many classes of device that allow you to change your IP immediately. If you combine these and either use different browsers or use a plugin that allows for browser string spoofing, there is literally no way for the checkuser tools to find you.
If I may quote you almost verbatim on that? It has a nice authentic ring to it (tho' I have no idea what it means).
Feel free.
To expound:
* There are many classes of device where you can force a change of your IP. Anywhere a device acquires an IP address through DHCP (typically wirelessly). A wifi hotspot at Starbucks that sees your computer come into range will assign your computer a local IP address and wikipedia will see that particular Starbucks IP address (or one of their IP addresses) as the originator. Cross the street to another Starbucks and wikipedia will see a different IP.
* With 3G/4G (cellphone carrier) <--> PC (USB/Ethernet/Wifi) the situation gets better/worse. If you're using a 3G to Wifi hotspot (http://gizmodo.com/5256825/verizon-mifi-2200-3g-portable-wi+fi-hotspot-review (first hit on google)), then every time you power cycle the 3G router, you are given a new IP address.
* If you are tethering a smart phone, then power cycling will give you a new IP address.
* Agent spoofing is trivial. Firefox has plugins, there are dozens of ways to do this.
https://www.google.com/search?q=user+agent+spoofing
* To avoid exposing yourself if you're running sockpuppets, use a VM (VirtualBox, VMWare). You can install dozens of virtual machines, each running a differnet OS/Browser combination. Make a single account per VM and check the remember me button on wikipedia.
In summation, checkuser is feeble and the people who use it and expect results are even worse. They only catch the most lazy and incompetent sockpuppeteers. Or those who don't give a shit.
Thanks. There are actually two bits of information for UKCC here. One is that it is easy to evade controls. Two is that there are real people out there, actively doing it.
Posted by: Vigilant
QUOTE(Peter Damian @ Sat 31st December 2011, 6:19pm)
QUOTE(Vigilant @ Sat 31st December 2011, 5:54pm)
QUOTE(Peter Damian @ Sat 31st December 2011, 5:28pm)
QUOTE(Vigilant @ Sat 31st December 2011, 5:02pm)
There are many, many devices that allow for easy IP switching. Linux based routers, tethered smart phones, 3G to wifi local hotspots. There are many classes of device that allow you to change your IP immediately. If you combine these and either use different browsers or use a plugin that allows for browser string spoofing, there is literally no way for the checkuser tools to find you.
If I may quote you almost verbatim on that? It has a nice authentic ring to it (tho' I have no idea what it means).
Feel free.
To expound:
* There are many classes of device where you can force a change of your IP. Anywhere a device acquires an IP address through DHCP (typically wirelessly). A wifi hotspot at Starbucks that sees your computer come into range will assign your computer a local IP address and wikipedia will see that particular Starbucks IP address (or one of their IP addresses) as the originator. Cross the street to another Starbucks and wikipedia will see a different IP.
* With 3G/4G (cellphone carrier) <--> PC (USB/Ethernet/Wifi) the situation gets better/worse. If you're using a 3G to Wifi hotspot (http://gizmodo.com/5256825/verizon-mifi-2200-3g-portable-wi+fi-hotspot-review (first hit on google)), then every time you power cycle the 3G router, you are given a new IP address.
* If you are tethering a smart phone, then power cycling will give you a new IP address.
* Agent spoofing is trivial. Firefox has plugins, there are dozens of ways to do this.
https://www.google.com/search?q=user+agent+spoofing
* To avoid exposing yourself if you're running sockpuppets, use a VM (VirtualBox, VMWare). You can install dozens of virtual machines, each running a differnet OS/Browser combination. Make a single account per VM and check the remember me button on wikipedia.
In summation, checkuser is feeble and the people who use it and expect results are even worse. They only catch the most lazy and incompetent sockpuppeteers. Or those who don't give a shit.
Thanks. There are actually two bits of information for UKCC here. One is that it is easy to evade controls. Two is that there are real people out there, actively doing it.
I hope you're referring to Kelly's catch because I don't do this with wikipedia. I don't care to participate in the approved manner. I'm a mere sniper on the sidelines.
Another topic you could explore is the ease with which wikipedia could be corrupted.
Posted by: Peter Damian
QUOTE(Vigilant @ Sat 31st December 2011, 6:37pm)
I hope you're referring to Kelly's catch because I don't do this with wikipedia. I don't care to participate in the approved manner. I'm a mere sniper on the sidelines.
Another topic you could explore is the ease with which wikipedia could be corrupted.
Of course
Posted by: dogbiscuit
Don't get too excited about this. The CC will not be interested in the effectiveness of controls - that is not really their (political) problem, it is sufficient that they have enquired of them and been told that they are adequate - they have covered themselves. There would be a presumption that if they were deemed to be inadequate for the purpose then the controlling bodies will fix them over time. I very much doubt that CC would be interested in proof that a minority of malicious individuals could circumvent the controls.
So I don't think this is anything but a minor supporting argument. The real issues are about the public harm of wilfully inaccurate information (thinks, we have something where Wikipedia has taken a position on Scientology haven't we? Is it neutral or has it established an anti-Scientology position?).
Another issue was animal welfare where SlimVirgin sought to create a bias in a wide range of farming articles to show that animal farming was cruel - including deliberate blurring of the lines between factory farming and other practices to allow normal farming practices to be treated as inappropriate. I just looked and sure enough the Factory farming article is tagged. A good example of a battleground article, not tainted with sexual arguments, but potentially quite damaging as it is not a neutral overview of a controversial subject. For example, it associates BSE with factory farming, whereas it was poor feeding practice, not specifically factory farming. Quite importantly, and deliberately, misleading, scaremongering (not that I approve of factory farming). This was also an example of Verifiability not Truth as SlimVirgin used summary BBC News articles against things like the Government Inquiry which specifically concluded Factory Farming was not a factor - this was deemed to be a primary source, so could be excluded, even though it was clearly a very high quality source indeed. (Still grumpy about this after 4 years!!!).
Posted by: Peter Damian
QUOTE(dogbiscuit @ Sat 31st December 2011, 6:54pm)
Don't get too excited about this. The CC will not be interested in the effectiveness of controls - that is not really their (political) problem, it is sufficient that they have enquired of them and been told that they are adequate - they have covered themselves. There would be a presumption that if they were deemed to be inadequate for the purpose then the controlling bodies will fix them over time. I very much doubt that CC would be interested in proof that a minority of malicious individuals could circumvent the controls.
So I don't think this is anything but a minor supporting argument. The real issues are about the public harm of wilfully inaccurate information (thinks, we have something where Wikipedia has taken a position on Scientology haven't we? Is it neutral or has it established an anti-Scientology position?).
Another issue was animal welfare where SlimVirgin sought to create a bias in a wide range of farming articles to show that animal farming was cruel - including deliberate blurring of the lines between factory farming and other practices to allow normal farming practices to be treated as inappropriate. I just looked and sure enough the Factory farming article is tagged. A good example of a battleground article, not tainted with sexual arguments, but potentially quite damaging as it is not a neutral overview of a controversial subject. For example, it associates BSE with factory farming, whereas it was poor feeding practice, not specifically factory farming. Quite importantly, and deliberately, misleading, scaremongering (not that I approve of factory farming). This was also an example of Verifiability not Truth as SlimVirgin used summary BBC News articles against things like the Government Inquiry which specifically concluded Factory Farming was not a factor - this was deemed to be a primary source, so could be excluded, even though it was clearly a very high quality source indeed. (Still grumpy about this after 4 years!!!).
Oh well. I am merely playing a small part, a cog in the machine. If I can show that they misled the UKCC in the application, that is one small step.
However, I have covered many of the things you mention above, such as the overall bias, the ineffectiveness of their controls in correcting bias, etc. The document plus appendices is now 12 pages. The checkuser part is one small paragraph.
You say "it is sufficient that they have enquired of them and been told that they are adequate - they have covered themselves. " A good bureaucrat proceeds on the principle of utmost good faith. They can't check everything, indeed they can rarely check anything, and place the utmost reliance on the good faith and honesty of declarations.
Also, it is difficult to question judgments they have made on the basis of available evidence. If, by contrast, it can be shown that the available evidence was flawed, they (the bureaucrats) have a nice get out of jail card.
Let's see.
Posted by: Kelly Martin
Indeed, I would argue that checkuser is actually overused and misused more often than not. In fact, its main use (other than to identify and interdict serial vandals, a purpose that really cannot be argued as anything other than legitimate) is to identify and punish those who attempt to game its internal political system. This is of no concern to the UKCC; the UKCC is not particularly interested in, nor charged with resolving, internal political disputes within the charities it regulates. Only when such disputes are so endemically severe that they threaten the ability of the charity to effectively self-regulate does the UKCC have an interest.
Posted by: gomi
There have been many, many discussions here on WR about checkuser over the years. Here are a few of them:
http://wikipediareview.com/index.php?showtopic=28012
http://wikipediareview.com/index.php?showtopic=28078
http://wikipediareview.com/index.php?showtopic=20347
http://wikipediareview.com/index.php?showtopic=18636
http://wikipediareview.com/index.php?showtopic=15110
http://wikipediareview.com/index.php?showtopic=14576
Posted by: Peter Damian
QUOTE(Kelly Martin @ Sat 31st December 2011, 7:16pm)
This is of no concern to the UKCC;
Yes it is. Section 13.3.8 of the WMUK submission claimed it was an effective control, replying to concerns from UKCC about 'scope for abuse'. Therefore it is a concern for the UKCC. Obviously they couldn't care less about what it actually is. Trust me.
Posted by: Vigilant
QUOTE(Peter Damian @ Sat 31st December 2011, 7:22pm)
QUOTE(Kelly Martin @ Sat 31st December 2011, 7:16pm)
This is of no concern to the UKCC;
Yes it is. Section 13.3.8 of the WMUK submission claimed it was an effective control, replying to concerns from UKCC about 'scope for abuse'. Therefore it is a concern for the UKCC. Obviously they couldn't care less about what it actually is. Trust me.
It would be trivial to outline a scenario that would allow for rampant abuse (of whatever flavor) on wikipedia.
It would also be trivial to show that there exist safeguards that would completely prevent the abuse that are not being used by wikipedia.
It's very clear that they like things the way they are even when vastly better alternatives exist.
Posted by: melloden
QUOTE(Peter Damian @ Sat 31st December 2011, 4:28pm)
QUOTE(melloden @ Sat 31st December 2011, 4:08pm)
QUOTE(Peter Damian @ Sat 31st December 2011, 3:49pm)
QUOTE(thekohser @ Sat 31st December 2011, 3:44pm)
It sounds like you've about got it covered, honestly.
You might want to add that CheckUser produces many false positives (when a dynamic IP happens to get assigned to another customer of your same ISP, or when a public wi-fi node is used by different Wikipedians). And (in WP's defense), the CheckUser also produces "user agent info" that can help to very clearly confirm that the same computer hardware is being used by multiple accounts.
Thanks ! I've also mentioned that the user agent info (as far as I know) is a javascript add-on that is easily disabled. Anyone know about this?
I also need to add that dynamic IPs can sometimes be disabled using 'range blocks', but that this means thousands or tens of thousands of other users are also prevented from using Wikipedia effectively.
I believe there is a Firefox add-on called https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/. I haven't tested whether it can fool checkuser, but I will do that sometime. Also, I think the Google Toolbar can affect the user agent.
Peter, have you ever played around with the checkuser interface? It's not very exciting, but it'll tell you everything you need to know about it.
Yes please. See email address above.
Yes please what?
Posted by: EricBarbour
Don't forget the time Arbcom yanked away David Gerard's checkuser/oversight powers.
The original discussion on the Arbcom noticeboard was http://en.wikipedia.org/wiki/Wikipedia:Arbitration_Committee/Noticeboard/Archive_5#David_Gerard:_statement_by_ArbCom, because
Gerard claimed it was "potentially libelous", and managed to talk one of his buddies into
making it disappear.
Which resulted in http://en.wikipedia.org/wiki/Wikipedia_talk:Arbitration_Committee/Noticeboard/Archive_9#David_Gerard:_statement_by_ArbCom. Complete with Mike Godwin bitching certain people out.
QUOTE
David demanded a full retraction and apology, or oversight, and he demanded it in a hurry because Cade Metz was sniffing around. Arbcom doesn't do hurry under the best of circumstances, and here there were significant disagreements about whether or not a retraction was even deserved, much less how to word it. So the comments were oversighted instead. Thatcher 20:55, 2 December 2009 (UTC)
Gerard and Aussie political blogger Andrew Landeryou had apparently hated each other for years. But the "fun" was triggered by http://davidgerard.co.uk/notes/2009/11/27/andrew-landeryou-appears-to-be-a-waste-of-skin/.
http://wikipediareview.com/index.php?showtopic=27610. Note that virtually all the Wikipedia traces of this situation have been oversighted by now.
Gerard, like Jayjg and Durova before, was quite happy to abuse checkuser.
If you ever need a good example of Wikipedia being used to defame, try Andrew Landeryou (T-H-L-K-D).
Looking for evidence of David Gerard socking? Try the history of that article.
Stupidity and incompetence, that's what Arbcom is all about. And checkuser is just completely useless.
Posted by: SB_Johnny
QUOTE(Kelly Martin @ Sat 31st December 2011, 2:16pm)
Indeed, I would argue that checkuser is actually overused and misused more often than not. In fact, its main use (other than to identify and interdict serial vandals, a purpose that really cannot be argued as anything other than legitimate) is to identify and punish those who attempt to game its internal political system. This is of no concern to the UKCC; the UKCC is not particularly interested in, nor charged with resolving, internal political disputes within the charities it regulates. Only when such disputes are so endemically severe that they threaten the ability of the charity to effectively self-regulate does the UKCC have an interest.
Yup. I was a CU on 3 projects (a bit after Kelly's time), and this is right on the money, more or less. Aside from the WP CUs (who use it politically), most of the "other project" CUs are just trying to be helpful and chase down the grawpy types. Poet-horde-dude being the obvious exception, of course.
Posted by: Fusion
QUOTE(thekohser @ Sat 31st December 2011, 3:44pm)
It sounds like you've about got it covered, honestly.
You might want to add that CheckUser produces many false positives (when a dynamic IP happens to get assigned to another customer of your same ISP, or when a public wi-fi node is used by different Wikipedians). And (in WP's defense), the CheckUser also produces "user agent info" that can help to very clearly confirm that the same computer hardware is being used by multiple accounts.
And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.
QUOTE(melloden @ Sat 31st December 2011, 4:08pm)
Also, I think the Google Toolbar can affect the user agent.
Yes all toolbars affect the useragent. Even bigger differences are caused byvarying between IE, Firefox and Chrome on the same machine, and probably other browsers too.
Posted by: SB_Johnny
QUOTE(Fusion @ Sat 31st December 2011, 5:29pm)
And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.
The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.
Posted by: Vigilant
QUOTE(SB_Johnny @ Sat 31st December 2011, 10:56pm)
QUOTE(Fusion @ Sat 31st December 2011, 5:29pm)
And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.
The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.
That being said, I'd guess that the biggest impediment to effective user ID is a lack of understanding about how TCP/IP and related protocol stacks actually work.
Posted by: lilburne
QUOTE(Peter Damian @ Sat 31st December 2011, 7:22pm)
QUOTE(Kelly Martin @ Sat 31st December 2011, 7:16pm)
This is of no concern to the UKCC;
Yes it is. Section 13.3.8 of the WMUK submission claimed it was an effective control, replying to concerns from UKCC about 'scope for abuse'. Therefore it is a concern for the UKCC. Obviously they couldn't care less about what it actually is. Trust me.
In what context were the CC using the term "abuse"?
Posted by: No one of consequence
QUOTE(Kelly Martin @ Sat 31st December 2011, 5:45pm)
Checkuser can and will catch naive attempts to conceal identity. It catches most such attempts only because most people who try to do this are ignorant or stupid. Against those who know how to use proxy services, cache spoofing, and browser ID spoofing, the checkuser tool is virtually useless. Fortunately, there are fairly few people in this latter category.
+1
Posted by: No one of consequence
QUOTE(SB_Johnny @ Sat 31st December 2011, 10:23pm)
Aside from the WP CUs (who use it politically), most of the "other project" CUs are just trying to be helpful and chase down the grawpy types. Poet-horde-dude being the obvious exception, of course.
For what it's worth, when I was active, I only found 2 (or maybe three) cases of WP checkusers using it "politically" and I came down pretty hard on both of them. One is no longer a CU, and I don't care enough any more to check the other one. (This was one of the things I was specifically concerned about when I wrote the essay that led to the audit committee. Of course, after two years, I expect the audit committee, if it even still exists, is as bogged down and useless as the rest of the bureaucracy.)
Posted by: Kelly Martin
I think the main point to take away from this thread, apropos Peter's original question, is that checkuser is not really a tool that is all that useful in ensuring the quality of Wikipedia's articles. Its main purpose is in the interdiction of low-level vandalism. Given this, I think it's interesting that the WMUK cited it as an important part of the tools used to ensure the quality of articles.
The only way that checkuser can be used in defense of biographies of living people is, perhaps, as an investigatory tool toward the goal of identifying the real-life identity of editors for the purpose of identifying editors with conflicts of interest. But it is my understanding that such use is generally prohibited by policy, so WMUK's assertion that it can be, and is, used for that purpose is also interesting.
Posted by: TungstenCarbide
QUOTE(No one of consequence @ Sun 1st January 2012, 8:07pm)
QUOTE(SB_Johnny @ Sat 31st December 2011, 10:23pm)
Aside from the WP CUs (who use it politically), most of the "other project" CUs are just trying to be helpful and chase down the grawpy types. Poet-horde-dude being the obvious exception, of course.
For what it's worth, when I was active, I only found 2 (or maybe three) cases of WP checkusers using it "politically" and I came down pretty hard on both of them. One is no longer a CU, and I don't care enough any more to check the other one. (This was one of the things I was specifically concerned about when I wrote the essay that led to the audit committee. Of course, after two years, I expect the audit committee, if it even still exists, is as bogged down and useless as the rest of the bureaucracy.)
Does checkuser compare password hashes? (i'm assuming it does)
Here are the current checkusers; http://en.wikipedia.org/wiki/Special:ListUsers/checkuser
Jclemens and Versageek don't have a creation date for their account in this listing. wonder what's wrong with the database.
Most checkusers don't create content, they just engage in mmorpg.
QUOTE(No one of consequence @ Sun 1st January 2012, 8:07pm)
For what it's worth, when I was active, I only found 2 (or maybe three) cases of WP checkusers using it "politically" and I came down pretty hard on both of them.
When checkuser is run on an established editor, that editor should get a banner, like the yellow talk page message. That would eliminate spurious uses, since the checkuser knows they'd have to answer for themselves.
Posted by: Kelly Martin
QUOTE(TungstenCarbide @ Sun 1st January 2012, 2:31pm)
Does checkuser compare password hashes? (i'm assuming it does)
No, that requires database access.QUOTE(TungstenCarbide @ Sun 1st January 2012, 2:31pm)
Jclemens and Versageek don't have a creation date for their account in this listing. wonder what's wrong with the database.
That means their accounts were created before the modification that added creation date data to user records. Sometime in late 2004, if I recall correctly, although some accounts created after that date also lack creation dates, for reasons that I'm not clear about. In some cases, the creation date shown is actually the time of the account's first edit, not the time the account was actually created.
Posted by: EricBarbour
QUOTE(Kelly Martin @ Sun 1st January 2012, 12:43pm)
QUOTE(TungstenCarbide @ Sun 1st January 2012, 2:31pm)
Jclemens and Versageek don't have a creation date for their account in this listing. wonder what's wrong with the database.
That means their accounts were created before the modification that added creation date data to user records. Sometime in late 2004, if I recall correctly, although some accounts created after that date also lack creation dates, for reasons that I'm not clear about. That is correct. All of the Wikimedia projects have errors and omissions in the admin databases,
some of them big enough to drive a truck through.
Last night I discovered that Pathoschild, that pimply little "man", has been an admin on English Wiktionary
since 2005, but isn't listed anywhere as such. They have two lists of admins, and he's not on either one.
What does he do on Wiktionary? Nothing. He claimed he needed admin power to run his "proxy blocking
project", whatever that is.
Posted by: TungstenCarbide
QUOTE(Kelly Martin @ Sun 1st January 2012, 8:43pm)
QUOTE(TungstenCarbide @ Sun 1st January 2012, 2:31pm)
Does checkuser compare password hashes? (i'm assuming it does)
No, that requires database access.I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.
Interestingly, the list of my "suspected" sockpuppets is more accurate than the list of "confirmed" sockpuppets, with one error vs. two.
Posted by: TheKartingWikipedian
QUOTE(TungstenCarbide @ Sun 1st January 2012, 9:04pm)
QUOTE(Kelly Martin @ Sun 1st January 2012, 8:43pm)
QUOTE(TungstenCarbide @ Sun 1st January 2012, 2:31pm)
Does checkuser compare password hashes? (i'm assuming it does)
No, that requires database access.I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.
Interestingly, the list of my "suspected" sockpuppets is more accurate than the list of "confirmed" sockpuppets, with one error vs. two.
Yes, interesting. I always considered that if they got down to checking passwords all my 20 or so active socks would be immediately linked and confirmed. So it requires database access - well haven't they, or someone they know, got that?
The fact is, passwords are considered sacrosanct by just about everyone, so if they start using them to determine socks - evne if they don't see the actual password - they will be plumbing new depths of depravity.
Posted by: TungstenCarbide
QUOTE(TheKartingWikipedian @ Sun 1st January 2012, 9:57pm)
The fact is, passwords are considered sacrosanct by just about everyone, so if they start using them to determine socks - evne if they don't see the actual password - they will be plumbing new depths of depravity.
meh, checkuser is already serving up your personal identifying information to some idiot. Declaring password checks off limits for some moral/privacy reason is disingenuous - Is it just for technical reasons that cu doesn't use the main database? Passwords are probably stored as hashes and cu could just show a 'match' or 'no match'.
Does cu analyze walk-throughs from the logs? That might be kinda interesting.
Posted by: Kelly Martin
QUOTE(TheKartingWikipedian @ Sun 1st January 2012, 3:57pm)
Yes, interesting. I always considered that if they got down to checking passwords all my 20 or so active socks would be immediately linked and confirmed. So it requires database access - well haven't they, or someone they know, got that?
Not with the current version of Mediawiki. Password hashes are salted (and have been for quite some time), so the same password will have many possible different hashes because of the differing salts used.Posted by: TungstenCarbide
QUOTE(TungstenCarbide @ Sun 1st January 2012, 9:04pm)
Interestingly, the list of my "suspected" sockpuppets is more accurate than the list of "confirmed" sockpuppets, with one error vs. two.
Considering that most of my accounts have "TungstenCarbide" in the name, and that I generally take no measures to mask my identity from cu (unless probing cu's capabilities), it's surprising the number of mistakes made. Wikipedia's sockpuppet identification machinery isn't very good. False positives probably drive away a lot of new editors who feel like they've been slapped in the face.
Posted by: Fusion
QUOTE(SB_Johnny @ Sat 31st December 2011, 10:56pm)
QUOTE(Fusion @ Sat 31st December 2011, 5:29pm)
And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.
The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.
Possibly there is some misunderstanding here. I have said that my English is still a little imperfect so maybe I say what I do not mean sometimes. What I meant was:
* A Checkuser (i.e. a person) runs a Checkuser (a Wiki function).
* He finds two users, one with IP say 73.167.89.245, the other 73.167.90.43 - close but not identical.
* Nevertheless he says, "Aha, a match!"
* Yet if these people are on stable IPs this does not prove a match; on the contrary it disproves it.
* If they are on dynamic IPs it may indicate a match but is far from conclusive.
Or were you querying my statement about user agents? Does Checkuser (Wiki function) show anything different from http://whatsmyuseragent.com/ Because with that site it is a fact that the strings are the same with Chrome.
QUOTE(TungstenCarbide @ Sun 1st January 2012, 9:04pm)
I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.
So maybe "technical evidence" doesn't necessarily mean IP match? Maybe it can mean "shares a POV I don't like"?
Posted by: TungstenCarbide
QUOTE(Kelly Martin @ Sun 1st January 2012, 10:24pm)
QUOTE(TheKartingWikipedian @ Sun 1st January 2012, 3:57pm)
Yes, interesting. I always considered that if they got down to checking passwords all my 20 or so active socks would be immediately linked and confirmed. So it requires database access - well haven't they, or someone they know, got that?
Not with the current version of Mediawiki. Password hashes are salted (and have been for quite some time), so the same password will have many possible different hashes because of the differing salts used.so what's this (I'm not a programmer);
http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?r1=39334&r2=39333&pathrev=39334
Posted by: Kelly Martin
QUOTE(TungstenCarbide @ Sun 1st January 2012, 5:41pm)
so what's this (I'm not a programmer);
http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?r1=39334&r2=39333&pathrev=39334
Tracks use of the email user and email temporary password functions.http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?r1=39334&r2=39333&pathrev=39334
Posted by: SB_Johnny
QUOTE(Fusion @ Sun 1st January 2012, 6:24pm)
QUOTE(SB_Johnny @ Sat 31st December 2011, 10:56pm)
QUOTE(Fusion @ Sat 31st December 2011, 5:29pm)
And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.
The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.
Possibly there is some misunderstanding here. I have said that my English is still a little imperfect so maybe I say what I do not mean sometimes. What I meant was:
* A Checkuser (i.e. a person) runs a Checkuser (a Wiki function).
* He finds two users, one with IP say 73.167.89.245, the other 73.167.90.43 - close but not identical.
* Nevertheless he says, "Aha, a match!"
* Yet if these people are on stable IPs this does not prove a match; on the contrary it disproves it.
* If they are on dynamic IPs it may indicate a match but is far from conclusive.
Or were you querying my statement about user agents? Does Checkuser (Wiki function) show anything different from http://whatsmyuseragent.com/ Because with that site it is a fact that the strings are the same with Chrome.
In plain English: CU shows you the IP, the browser, and the operating system of the computer used to make a particular edit. It also shows the xff if xff is involved. That's all.
Reasonably intelligent CUs wouldn't see a match in the /16 range as proof of anything, without very strong "behavioral" evidence to back it up (and even then, they would probably look into whether the range is dynamic, whether there are clearly unrelated edits coming from the range, etc.).
QUOTE(Fusion @ Sun 1st January 2012, 6:24pm)
QUOTE(TungstenCarbide @ Sun 1st January 2012, 9:04pm)
I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.
So maybe "technical evidence" doesn't necessarily mean IP match? Maybe it can mean "shares a POV I don't like"?
I suppose that's possible on WP (since their CUs are appointed by the notoriously political ARBCOM, IOW Jimmy's favorite ass-kissers), but on the other projects they're elected according to how much they can be trusted. Sounds good and works fairly well, but again there's the Poetguy thing which shows a major weakness there.
Posted by: gomi
QUOTE(SB_Johnny @ Sun 1st January 2012, 4:08pm)
Reasonably intelligent CUs ...
QUOTE(SB_Johnny @ Sun 1st January 2012, 4:08pm)
... wouldn't see an [IP] match ... as proof of anything, without very strong "behavioral" evidence to back it up ...
There is an unfortunate corollary of this, which is often overlooked. If a (over) zealous Checkuser finds "behavioural" evidence -- which is generally whatever they want it to be -- then they see IP matches where ever they want to see them. I have irrefutable evidence of this, not that it makes a whit of difference.
Checkuser is, in fact, the "magic fairy dust" its proponents claim it not to be, with one exception, the fairy dust of checkuser insulates the zealous admin from any argument about the behavioural evidence.
QUOTE(SB_Johnny @ Sun 1st January 2012, 4:08pm)
QUOTE(Fusion @ Sun 1st January 2012, 6:24pm)
QUOTE(TungstenCarbide @ Sun 1st January 2012, 9:04pm)
I've enjoyed probing cu's capability ... the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.
So maybe "technical evidence" doesn't necessarily mean IP match? Maybe it can mean "shares a POV I don't like"?WP is pretty much the only place it matters, no?
Posted by: SB_Johnny
QUOTE(gomi @ Sun 1st January 2012, 7:29pm)
QUOTE(SB_Johnny @ Sun 1st January 2012, 4:08pm)
Reasonably intelligent CUs ...
QUOTE(SB_Johnny @ Sun 1st January 2012, 4:08pm)
... wouldn't see an [IP] match ... as proof of anything, without very strong "behavioral" evidence to back it up ...
There is an unfortunate corollary of this, which is often overlooked. If a (over) zealous Checkuser finds "behavioural" evidence -- which is generally whatever they want it to be -- then they see IP matches where ever they want to see them. I have irrefutable evidence of this, not that it makes a whit of difference.
QUOTE(gomi @ Sun 1st January 2012, 7:29pm)
QUOTE(SB_Johnny @ Sun 1st January 2012, 4:08pm)
QUOTE(Fusion @ Sun 1st January 2012, 6:24pm)
QUOTE(TungstenCarbide @ Sun 1st January 2012, 9:04pm)
I've enjoyed probing cu's capability ... the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.
So maybe "technical evidence" doesn't necessarily mean IP match? Maybe it can mean "shares a POV I don't like"?WP is pretty much the only place it matters, no?
It depends on whether we're talking about the theoretical effectiveness of CU or the actual effectiveness of CU on WP in particular. Smart and conscientious CUs don't bother using the tool in obvious cases, and use it to see if a theory can be disproved in the non-obvious cases. Even WP has at least one good one (our friend Allison, of course), but I know of one in particular that really is political-minded.
Anyway, hasn't the Review's scope extended to all of WMF's "projects" of late? Comparing and contrasting the non-WP CUs vs. the JimmyCOM CUs is actually informative if you know what you're looking for.
Posted by: EricBarbour
You guys need an example of checkuser crap? What about http://wikipediareview.com/index.php?showtopic=29733?
Even after all that, he's STILL a Wikinews administrator and bureaucrat, even after they pulled his CU power on Wikinews after a major embarrassment. And yes, he's on that stupid GLAM project--along with Ashley Van Haeften.
Mafia. No other word fits.
Posted by: melloden
QUOTE(EricBarbour @ Mon 2nd January 2012, 1:47am)
You guys need an example of checkuser crap? What about http://wikipediareview.com/index.php?showtopic=29733?
Even after all that, he's STILL a Wikinews administrator and bureaucrat, even after they pulled his CU power on Wikinews after a major embarrassment. And yes, he's on that stupid GLAM project--along with Ashley Van Haeften.
Mafia. No other word fits.
Wikinews is more of a mafia than Wikipedia. Anyone who criticized McNeil over the last scandal has now left, have you noticed?
Posted by: Kelly Martin
QUOTE(melloden @ Sun 1st January 2012, 8:56pm)
Wikinews is more of a mafia than Wikipedia. Anyone who criticized McNeil over the last scandal has now left, have you noticed?
Many, perhaps most, of the smaller projects are essentially personal dictatorships, effectively run by one individual or a small clique of individuals who ruthlessly smash all dissent. We never hear about it though because most of these projects are in languages other than English, and in any case are so small as to be irrelevant.I've heard recurring tales of repeated purges on the Serbian Wikipedia, in which editors whose viewpoints are not welcomed by the controlling clique are systematically banned. Editing contrary the house POV there is an instant permanent ban. The Hebrew Wikipedia is hopelessly biased in its coverage of Israel and all matters related to Islam (surprise, that) and has been known to enforce opinion orthodoxy on its editors as well. One Eastern European wiki was split into two parts, purportedly over orthographic and character set differences but in reality over politics (the orthographic division is very much an aspect of the political disagreement). There are doubtlessly more such stories out there, but they're largely untold simply because nobody cares about these small projects that much.
Posted by: Vigilant
QUOTE(Kelly Martin @ Mon 2nd January 2012, 3:48am)
QUOTE(melloden @ Sun 1st January 2012, 8:56pm)
Wikinews is more of a mafia than Wikipedia. Anyone who criticized McNeil over the last scandal has now left, have you noticed?
Many, perhaps most, of the smaller projects are essentially personal dictatorships, effectively run by one individual or a small clique of individuals who ruthlessly smash all dissent. We never hear about it though because most of these projects are in languages other than English, and in any case are so small as to be irrelevant.I've heard recurring tales of repeated purges on the Serbian Wikipedia, in which editors whose viewpoints are not welcomed by the controlling clique are systematically banned. Editing contrary the house POV there is an instant permanent ban. The Hebrew Wikipedia is hopelessly biased in its coverage of Israel and all matters related to Islam (surprise, that) and has been known to enforce opinion orthodoxy on its editors as well. One Eastern European wiki was split into two parts, purportedly over orthographic and character set differences but in reality over politics (the orthographic division is very much an aspect of the political disagreement). There are doubtlessly more such stories out there, but they're largely untold simply because nobody cares about these small projects that much.
What control/responsibility does the WMF have to these small wikis?
Posted by: Kelly Martin
QUOTE(Vigilant @ Sun 1st January 2012, 10:20pm)
What control/responsibility does the WMF have to these small wikis?
Presumably the same it does to the large ones. Since nobody can agree as to what that is, either, it's hard to say.Posted by: EricBarbour
QUOTE(Kelly Martin @ Sun 1st January 2012, 7:48pm)
There are doubtlessly more such stories out there, but they're largely untold simply because nobody cares about these small projects that much.
You got it. As far as I can tell, most of the language Wikipedias, nearly all of the Wiktionaries, and probably Wikisource are basically moribund.
Wikiversity is mostly a place for guys like Abd to argue about "governance"--they're still writing some content, but dunno about the quality of it.
And yet, the WMF keeps waving them around as if they "mattered" or somesuch.
And Wikinews?....all you can do is laugh at them.....it's genuinely disturbing that Google News still occasionally carries a Wikinews story, since no one ever reads them.....
(Here's another item to mull over: the Japanese Wiktionary supposedly died in 2005--because it was
controlled by two people, and they could never agree on anything. But that's not what they say
http://meta.wikimedia.org/wiki/Why_Japanese_Wiktionary_was_closed. It's the "vandals", they claimed at the time. Yeah right.)
Posted by: melloden
QUOTE(Kelly Martin @ Mon 2nd January 2012, 3:48am)
There are doubtlessly more such stories out there, but they're largely untold simply because nobody cares about these small projects that much.
Sounds like a job for Gregory Kohs.
Posted by: Fusion
QUOTE(SB_Johnny @ Mon 2nd January 2012, 12:08am)
on the other projects they're elected according to how much they can be trusted. Sounds good and works fairly well
http://toolserver.org/~quentinv57/sulinfo/Cirt I rest my case.