Effectiveness of checkuser Options

[SB_Johnny]

Indeed, I would argue that checkuser is actually overused and misused more often than not. In fact, its main use (other than to identify and interdict serial vandals, a purpose that really cannot be argued as anything other than legitimate) is to identify and punish those who attempt to game its internal political system. This is of no concern to the UKCC; the UKCC is not particularly interested in, nor charged with resolving, internal political disputes within the charities it regulates. Only when such disputes are so endemically severe that they threaten the ability of the charity to effectively self-regulate does the UKCC have an interest.

Yup. I was a CU on 3 projects (a bit after Kelly's time), and this is right on the money, more or less. Aside from the WP CUs (who use it politically), most of the "other project" CUs are just trying to be helpful and chase down the grawpy types. Poet-horde-dude being the obvious exception, of course.

[Fusion]

It sounds like you've about got it covered, honestly.

You might want to add that CheckUser produces many false positives (when a dynamic IP happens to get assigned to another customer of your same ISP, or when a public wi-fi node is used by different Wikipedians). And (in WP's defense), the CheckUser also produces "user agent info" that can help to very clearly confirm that the same computer hardware is being used by multiple accounts.

And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.

Also, I think the Google Toolbar can affect the user agent.

Yes all toolbars affect the useragent. Even bigger differences are caused byvarying between IE, Firefox and Chrome on the same machine, and probably other browsers too.

[SB_Johnny]

And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.

The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.

[Vigilant]

And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.

The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.

That being said, I'd guess that the biggest impediment to effective user ID is a lack of understanding about how TCP/IP and related protocol stacks actually work.

[lilburne]

This is of no concern to the UKCC;

Yes it is. Section 13.3.8 of the WMUK submission claimed it was an effective control, replying to concerns from UKCC about 'scope for abuse'. Therefore it is a concern for the UKCC. Obviously they couldn't care less about what it actually is. Trust me.

In what context were the CC using the term "abuse"?

[No one of consequence]

Checkuser can and will catch naive attempts to conceal identity. It catches most such attempts only because most people who try to do this are ignorant or stupid. Against those who know how to use proxy services, cache spoofing, and browser ID spoofing, the checkuser tool is virtually useless. Fortunately, there are fairly few people in this latter category.

+1

[No one of consequence]

Aside from the WP CUs (who use it politically), most of the "other project" CUs are just trying to be helpful and chase down the grawpy types. Poet-horde-dude being the obvious exception, of course.

For what it's worth, when I was active, I only found 2 (or maybe three) cases of WP checkusers using it "politically" and I came down pretty hard on both of them. One is no longer a CU, and I don't care enough any more to check the other one. (This was one of the things I was specifically concerned about when I wrote the essay that led to the audit committee. Of course, after two years, I expect the audit committee, if it even still exists, is as bogged down and useless as the rest of the bureaucracy.)

[Kelly Martin]

I think the main point to take away from this thread, apropos Peter's original question, is that checkuser is not really a tool that is all that useful in ensuring the quality of Wikipedia's articles. Its main purpose is in the interdiction of low-level vandalism. Given this, I think it's interesting that the WMUK cited it as an important part of the tools used to ensure the quality of articles.

The only way that checkuser can be used in defense of biographies of living people is, perhaps, as an investigatory tool toward the goal of identifying the real-life identity of editors for the purpose of identifying editors with conflicts of interest. But it is my understanding that such use is generally prohibited by policy, so WMUK's assertion that it can be, and is, used for that purpose is also interesting.

[TungstenCarbide]

Aside from the WP CUs (who use it politically), most of the "other project" CUs are just trying to be helpful and chase down the grawpy types. Poet-horde-dude being the obvious exception, of course.

For what it's worth, when I was active, I only found 2 (or maybe three) cases of WP checkusers using it "politically" and I came down pretty hard on both of them. One is no longer a CU, and I don't care enough any more to check the other one. (This was one of the things I was specifically concerned about when I wrote the essay that led to the audit committee. Of course, after two years, I expect the audit committee, if it even still exists, is as bogged down and useless as the rest of the bureaucracy.)

Does checkuser compare password hashes? (i'm assuming it does)

Here are the current checkusers; http://en.wikipedia.org/wiki/Special:ListUsers/checkuser

Jclemens and Versageek don't have a creation date for their account in this listing. wonder what's wrong with the database.

Most checkusers don't create content, they just engage in mmorpg.

For what it's worth, when I was active, I only found 2 (or maybe three) cases of WP checkusers using it "politically" and I came down pretty hard on both of them.

When checkuser is run on an established editor, that editor should get a banner, like the yellow talk page message. That would eliminate spurious uses, since the checkuser knows they'd have to answer for themselves.



This post has been edited by TungstenCarbide: Sun 1st January 2012, 8:36pm

[Kelly Martin]

Does checkuser compare password hashes? (i'm assuming it does)

No, that requires database access.

Jclemens and Versageek don't have a creation date for their account in this listing. wonder what's wrong with the database.

That means their accounts were created before the modification that added creation date data to user records. Sometime in late 2004, if I recall correctly, although some accounts created after that date also lack creation dates, for reasons that I'm not clear about. In some cases, the creation date shown is actually the time of the account's first edit, not the time the account was actually created.

[EricBarbour]

Jclemens and Versageek don't have a creation date for their account in this listing. wonder what's wrong with the database.

That means their accounts were created before the modification that added creation date data to user records. Sometime in late 2004, if I recall correctly, although some accounts created after that date also lack creation dates, for reasons that I'm not clear about.

That is correct. All of the Wikimedia projects have errors and omissions in the admin databases,
some of them big enough to drive a truck through.

Last night I discovered that Pathoschild, that pimply little "man", has been an admin on English Wiktionary
since 2005, but isn't listed anywhere as such. They have two lists of admins, and he's not on either one.
What does he do on Wiktionary? Nothing. He claimed he needed admin power to run his "proxy blocking
project", whatever that is.

[TungstenCarbide]

Does checkuser compare password hashes? (i'm assuming it does)

No, that requires database access.

I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.

Interestingly, the list of my "suspected" sockpuppets is more accurate than the list of "confirmed" sockpuppets, with one error vs. two.

This post has been edited by TungstenCarbide: Sun 1st January 2012, 9:23pm

[TheKartingWikipedian]

Does checkuser compare password hashes? (i'm assuming it does)

No, that requires database access.

I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.

Interestingly, the list of my "suspected" sockpuppets is more accurate than the list of "confirmed" sockpuppets, with one error vs. two.

Yes, interesting. I always considered that if they got down to checking passwords all my 20 or so active socks would be immediately linked and confirmed. So it requires database access - well haven't they, or someone they know, got that?

The fact is, passwords are considered sacrosanct by just about everyone, so if they start using them to determine socks - evne if they don't see the actual password - they will be plumbing new depths of depravity.

[TungstenCarbide]

The fact is, passwords are considered sacrosanct by just about everyone, so if they start using them to determine socks - evne if they don't see the actual password - they will be plumbing new depths of depravity.

meh, checkuser is already serving up your personal identifying information to some idiot. Declaring password checks off limits for some moral/privacy reason is disingenuous - Is it just for technical reasons that cu doesn't use the main database? Passwords are probably stored as hashes and cu could just show a 'match' or 'no match'.

Does cu analyze walk-throughs from the logs? That might be kinda interesting.

This post has been edited by TungstenCarbide: Sun 1st January 2012, 10:15pm

[Kelly Martin]

Yes, interesting. I always considered that if they got down to checking passwords all my 20 or so active socks would be immediately linked and confirmed. So it requires database access - well haven't they, or someone they know, got that?

Not with the current version of Mediawiki. Password hashes are salted (and have been for quite some time), so the same password will have many possible different hashes because of the differing salts used.

[TungstenCarbide]

Interestingly, the list of my "suspected" sockpuppets is more accurate than the list of "confirmed" sockpuppets, with one error vs. two.

Considering that most of my accounts have "TungstenCarbide" in the name, and that I generally take no measures to mask my identity from cu (unless probing cu's capabilities), it's surprising the number of mistakes made. Wikipedia's sockpuppet identification machinery isn't very good. False positives probably drive away a lot of new editors who feel like they've been slapped in the face.

[Fusion]

And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.

The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.

Possibly there is some misunderstanding here. I have said that my English is still a little imperfect so maybe I say what I do not mean sometimes. What I meant was:

* A Checkuser (i.e. a person) runs a Checkuser (a Wiki function).
* He finds two users, one with IP say 73.167.89.245, the other 73.167.90.43 - close but not identical.
* Nevertheless he says, "Aha, a match!"
* Yet if these people are on stable IPs this does not prove a match; on the contrary it disproves it.
* If they are on dynamic IPs it may indicate a match but is far from conclusive.

Or were you querying my statement about user agents? Does Checkuser (Wiki function) show anything different from this site? Because with that site it is a fact that the strings are the same with Chrome.

I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.

So maybe "technical evidence" doesn't necessarily mean IP match? Maybe it can mean "shares a POV I don't like"?

[TungstenCarbide]

Yes, interesting. I always considered that if they got down to checking passwords all my 20 or so active socks would be immediately linked and confirmed. So it requires database access - well haven't they, or someone they know, got that?

Not with the current version of Mediawiki. Password hashes are salted (and have been for quite some time), so the same password will have many possible different hashes because of the differing salts used.

so what's this (I'm not a programmer);
http://svn.wikimedia.org/viewvc/mediawiki/...3&pathrev=39334

[Kelly Martin]

so what's this (I'm not a programmer);
http://svn.wikimedia.org/viewvc/mediawiki/...3&pathrev=39334

Tracks use of the email user and email temporary password functions.

[SB_Johnny]

And Checkusers may claim a match when the IPs are not identical but merely close. User agents are not extremely useful. They are identical on my office and home PC when both are using Chrome though not other browsers.

The checkuser extension to the software is publicly explained, so there's really no need to make bad guesses and look like a fool. Just saying.

Possibly there is some misunderstanding here. I have said that my English is still a little imperfect so maybe I say what I do not mean sometimes. What I meant was:

* A Checkuser (i.e. a person) runs a Checkuser (a Wiki function).
* He finds two users, one with IP say 73.167.89.245, the other 73.167.90.43 - close but not identical.
* Nevertheless he says, "Aha, a match!"
* Yet if these people are on stable IPs this does not prove a match; on the contrary it disproves it.
* If they are on dynamic IPs it may indicate a match but is far from conclusive.

Or were you querying my statement about user agents? Does Checkuser (Wiki function) show anything different from this site? Because with that site it is a fact that the strings are the same with Chrome.

In plain English: CU shows you the IP, the browser, and the operating system of the computer used to make a particular edit. It also shows the xff if xff is involved. That's all.

Reasonably intelligent CUs wouldn't see a match in the /16 range as proof of anything, without very strong "behavioral" evidence to back it up (and even then, they would probably look into whether the range is dynamic, whether there are clearly unrelated edits coming from the range, etc.).

I've enjoyed probing cu's capability on occasion. In several cases the only 'technical' similarity between the accounts was the password, everything else was different - computer, browser, isp or tor, location ... but the checkuser report matched the accounts with a 'likely, based on technical evidence'. I'm starting to suspect they lied. The accounts were obviously the same user, based on behavior, I made sure it was obvious.

So maybe "technical evidence" doesn't necessarily mean IP match? Maybe it can mean "shares a POV I don't like"?

I suppose that's possible on WP (since their CUs are appointed by the notoriously political ARBCOM, IOW Jimmy's favorite ass-kissers), but on the other projects they're elected according to how much they can be trusted. Sounds good and works fairly well, but again there's the Poetguy thing which shows a major weakness there.