Wikipedia:CheckUser

If you need to contact a CheckUser for a sensitive matter, please see Contacting a CheckUser below.

This page documents a procedural policy of Wikipedia.

It documents various processes by which the English Wikipedia operates.

The main Wikimedia Foundation policy on CheckUser has been decided on Meta (m:CheckUser#Policy) and nothing here may override that policy without approval there.

Shortcuts

CheckUser on Wikipedia is a MediaWiki extension used by a small number of trusted users (called CheckUsers) to examine user IP address information and other server log data. The tool is only used to protect Wikipedia against disruption, abuse, or vandalism. CheckUser queries are returned with the applicable log data, but it can require considerable technical knowledge and experience to use the tool correctly. CheckUser data is never released except in accordance with the Wikimedia Foundation's Privacy Policy, and most CheckUser investigations result in general conclusions (such as account A is, is not, or may be the same as B or C). CheckUser data is of limited use, and a negative finding never precludes obvious sock-puppetry.

On the English Wikipedia, CheckUser is entrusted to a restricted number of users who can both execute CheckUser inquiries subject to their own discretion and monitor and crosscheck each other's use of the function. The permission is approved (exceedingly rarely and only to trusted editors) by the Arbitration Committee, following community consultation and committee vetting. Checkusers are not required to be administrators (although all or most CheckUser members are also administrators), but must be 18 years of age or older and have provided personal identification (which once confirmed is destroyed) to the Foundation.

Policy

The CheckUser tool may be used to prevent disruption or investigate legitimate concerns of bad-faith editing or sock-puppetry.

Grounds for checking

CheckUser may be used to investigate, prevent, or respond to:

Vandalism;
Sock puppetry;
Disruption (or potential disruption) of any Wikimedia project; and
Legitimate concerns about bad faith editing.

The tool may never be used to:

Effect political control;
Apply pressure on an editor; or
Threaten another editor in a content dispute.

The primary use of CheckUser is to investigate sock-puppetry, but the community accepts there are legitimate uses of alternative accounts, inasmuch as the accounts are never used to violate site policy (for instance, to double-vote or give the impression there is more support for one faction in a discussion or content dispute).

On some Wikimedia projects, an editor's IP addresses may be checked upon his or her request, especially to prove innocence against a sockpuppet allegation. Such requests are not accepted on the English Wikipedia.

Notifying the account that is checked

It is permitted but not mandatory to notify the subject their account has been checked. Notification of the check to the community (on a community process page like Wikipedia:Sockpuppet investigations) is not mandatory, but can be very useful in tracking the activity of a serial vandal, and so is permitted if done in accordance with the privacy policy.

CheckUser and privacy policy

The CheckUser feature accesses non-public information. The Wikimedia Foundation takes privacy of its editors extremely seriously, and there may at times be a conflict between the high priorities given to both protecting the Wiki from damage and disruption, and privacy of even problematic users. This is a very delicate area and at times no solution is ideal; the following cover some of the principles and common practices on English Wikipedia. If in doubt please ask an experienced CheckUser.

CheckUsers have a wide range of discretion to use their access provided it is for legitimate purposes – broadly, those which relate to preventing or reducing potential or actual disruption, and to investigation of legitimate concerns of bad faith editing. (CheckUser policy)
CheckUsers may accept requests publicly or otherwise, as they see fit.
Requests should not be accepted on the basis of "fishing" – that is, requests by users without a good and specific cause. On their own cognisance they may however perform privately as part of their role, any checks within the bounds of CheckUser policy – that is to say, any check which is reasonably performed in order to address issues of disruption or damage to the project.
Disclosure of CheckUser results is subject to privacy policy, which broadly states that identifying information should not be disclosed under any but a few circumstances. These include:
- "With permission of the affected user",
- "Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers", and
- "Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public."

IP information disclosure

It is not normally considered a breach of privacy policy to state that different named accounts are operated from the same IP or range if details of the range are not given, or if a generic description only is given (country, large ISP etc.) that in no way is very likely to identify a specific person. It is undesirable to link an IP to a named account, since an IP is often much more tightly linked to a specific person. (This is often less so for larger IP ranges: the larger the range, the less obvious the connection will often be to any specific person.) CheckUsers will employ a variety of means to avoid doing this, but in some cases it is hard to avoid and "Wikipedia norms are not a suicide pact" – a user who is disruptive and needs to be addressed as such may have to accept the price of disruption is their IP becomes linked to their account.

This can happen in several ways:

A user is disruptive through multiple IPs, or a mixture of IPs and accounts. It is hard to block all of these (often on the same article) without obvious inference being drawn by onlookers.
A user is disruptive on multiple accounts, and it is reasonably plausible they will create more accounts, requiring the blocking of the underlying IP range that these accounts are using.

CheckUsers will often use a variety of techniques to avoid drawing such connections (new checkusers should ask and pick these up), but in many cases it is hard to avoid in a practical sense. Users who engage in problematic conduct to the point that requests for administrative action or blocking are raised and considered valid for CheckUser usage, and where CheckUser then determines the user probably has engaged in such conduct, must expect the protection of the project is given a higher priority than the protection of those who knowingly breach its policies on editorial conduct, if the two conflict or there is a problematic editing history.

IP information retention

Data on users (like their IP address) is retained for a limited period on Wikimedia Foundation sites. Data retention is so limited because incidents or actions that are not current rarely require investigation.

Guidance given to CheckUsers

m:CheckUser policy advises that, even if the user is committing abuse, it's best not to reveal personal information if possible:

Generally, do not reveal IPs. Only give information such as same network/not same network or similar. If detailed information is provided, make sure the person you are giving it to is a trusted person who will not reveal it
If the user has said they're from somewhere and the IP confirms it, it's not releasing private information to confirm it if needed
If you're in any doubt, give no detail (and "answer like a Magic 8-Ball")

On the English Wikipedia, CheckUsers asked to run a check must ask for (and be given) clear evidence that a check is appropriate and necessary. The onus is on an individual CheckUser to explain, if challenged, why a check was run. Do not make any presumptions, no matter who asks. The CheckUser log is regularly examined by arbitrators and especially by members of the Audit Subcommittee, who have previously initiated investigations of their own motion. All actions associated with the CheckUser tool, especially public or off-wiki actions, are subject to public view and can result in a complaint being filed against you with the Audit Subcommittee, the Wikimedia Foundation Ombudsman, or both.

Fishing

Shortcut

WP:NOTFISHING

"Fishing" is to check an account where there is no credible evidence to suspect sockpuppetry. Checks are inappropriate unless there is evidence suggesting abusive sock-puppetry. Checking an account where the alleged sockmaster is unknown, but there is reasonable suspicion of sockpuppetry is not fishing, and a suspected sock-puppet's operator is sometimes unknown until a CheckUser investigation is concluded. Checks with a negative result do not mean the check was initially invalid.

Contacting a CheckUser

CheckUsers are seasoned, experienced users, trusted to handle sensitive and privacy related matters and other user issues. Routine sock-puppet and editing issues requiring CheckUser review are handled at Wikipedia:Sockpuppet investigations. In keeping with WP:NOTBUREAUCRACY, CheckUsers are authorised to receive contact by other means, like on their talk pages, by e-mail, on IRC or a mailing list, and so on). If an incident is of a private or sensitive nature, you should never use public means of contact. If an incident is of an urgent nature, you should contact a CheckUser you know to be online, or contact multiple active CheckUsers. If an incident is an emergency, you should contact the Wikimedia Foundation.

If you require an editor with CheckUser access, you may contact:

An individual CheckUser who will either advise, deal with the matter, or (especially if asked) forward it on to other CheckUsers for wider discussion.
The English Wikipedia CheckUser team, which is ideal if you need a quick response, possibly other CheckUsers to be aware, and do not know any CheckUsers personally to judge which individual to contact. See the functionaries-en mailing list for how to do this. If it is sensitive beyond that, then it may instead be sent to the Arbitration Committee mailing list or any arbitrator.
The interwiki CheckUser team, which co-ordinates between CheckUsers on all WMF projects (and Stewards, for small wikis with no local CheckUsers) in the Checkuser-l mailing list. The inter-project team is ideal for matters concerning prolific vandals or sock users, privacy-related incidents or harassment, and other global matters of interest beyond English Wikipedia. The Wikimedia-wide CheckUser mailing list does not receive mail from non-subscribers, so you will need to contact a CheckUser by other means (like IRC).

CheckUser operation

Usage

A user with CheckUser access will get an extra "CheckUser" option under Special:SpecialPages, a "Check IP addresses" option on Special:Contributions, access to the Special:CheckUser and Special:CheckUserLog special pages, and other similar functions. On the English Wikipedia, CheckUsers also receive access to the Checkuser-l global mailing list, subscription to functionaries-l, and access to the IRC channels if they so request.

Several scripts exist for English Wikipedia CheckUsers, including User:Amalthea/culoghelper.js, User:Amalthea/cufilter, ru:MediaWiki:Gadget-markblocked.js, User:Tim Song/spihelper.js, among others. (No guarantee is given these scripts are currently functional.)

Hints and tips

CheckUser's help page gives the following tips to users:

CheckUser is a technical tool, and requires a significant degree of familiarity with IPs, IP ranges, and related principles, to be correctly used.
CheckUser is not magic wiki pixie dust. Almost all queries about IPs will be because two editors were behaving the same way or an editor was behaving in a way that appears suggestive of possible disruption. An editing pattern match is the important thing; the IP match is really just extra evidence (or not).
Most dialup and a lot of DSL and cable IPs are dynamic. They might change every session, every day, every week, every few months or hardly ever. Unless the access times are right next to each other, be cautious in declaring a match. After a while, you get to know which ISPs change fast or slow. If it's a proxy, it might not be a match, depending on the size of the organisation running the proxy (per whois output). If it's an ISP proxy, it is not so likely to indicate a match. (Note – some users, particularly those involved in technical matters, can help identify whether an IP is likely to be a proxy, or is likely to be static, fast, or slow changing.)
There is both a CheckUser mailing list (checkuser-llists.wikimedia.org), and a CheckUser irc channel (#wikimedia-checkuser), providing means to consult and get advice on checks and their interpretation, especially in the case of more complex vandalism. Both are used by CheckUsers on all Wikimedia Foundation projects; they are not just for the English Wikipedia. Access to the IRC channel is by invitation only and the CheckUser mailing list does not accept correspondence from non-members - users seeking assistance of a local CheckUser should see the #Contacting a CheckUser section above.

Reasons and communication

CheckUsers are expected to have policy-compliant grounds for CheckUser actions, identification, and blocks, and to discuss openly and fully with other CheckUsers their rationale if asked.

CheckUser blocks

Administrators who hold CheckUser privileges may block users based on non-public information revealed through the CheckUser tool, and such an administrative action is generally viewed to be made in the user's capacity as an oversight or CheckUser, although the action itself is an administrative one. All such blocks are subject to direct review by the Arbitration Committee, and administrators should not undo or alter any block that is specifically called a "CheckUser" block without first consulting a CheckUser.^[1]^[2]

Log of checks

CheckUser queries cannot be executed on the English Wikipedia without the initiator entering something in the "Reason for check" field, which is akin to the edit summary feature for page-editing. All queries are logged at Special:CheckUserLog, which is visible only to other CheckUsers through Special:CheckUser. Each entry in the log will show who ran the check, when, the check reason, and what type of data was called (the tool can be used to get IPs, edits from an IP, or users for an IP). The log does not display, nor allow for the retention of, data returned from a check.

Assignment and revocation

Users wanting access should watchlist the Arbcom noticeboard for an announcement, or contact the Committee or an individual arbitrator, and proceed from there. However, only a very small number of appointments are typically made per year.

Users who require the CheckUser permission are typically members of the Arbitration Committee and former Arbitration Committee members. For those users who are not, in order to be approved for the CheckUser flag, a case should be made and sent to the ArbCom mailing list or to any active Arbitrator. Users are advised to initially sound out interest, discuss suitability, and check the current position via an off-list email to any active Arbitration Committee member, understanding that most times, new CheckUsers are not being looked for and an exceptionally good basis would also be required. Appointments that are confirmed by the Arbitration Committee will be posted on Requests for permission on Meta-Wiki, a Steward will assign the permission once identification is confirmed.

Just as the CheckUser permission can be approved, it can be revoked. If the Committee feels that an editor has abused CheckUser, such as by inappropriately performing checks or needlessly disclosing privacy related information from a CheckUser inquiry, they will immediately request a Steward to remove the permission from the editor. This may be done by any of the usual ways, including e-mail or a request on requests for permission on Meta.

Emergency requests based upon clear evidence may also be made in exceptional circumstances, the same way. In an exceptional case, and for good cause, a Steward may temporarily remove the permission, pending a decision by the Committee. The Steward should check the matter is well founded, and make clear immediately that it is a temporary response only, since such an action could lead to controversy.

Complaints and misuse

WMF policy on removal states that:

Any user account with CheckUser status that is inactive for more than a year will have their CheckUser access removed.
In case of abusive use of the tool, the Steward or the editor with the CheckUser privilege will immediately have their access removed. This will in particular happen if checks are done routinely on editors without a serious motive to do so (links and proofs of bad behavior should be provided).
Suspicion of abuses of CheckUser should be discussed by each local wiki. On wikis with an approved ArbCom, the ArbCom can decide on the removal of access[...] Removal can only be done by Stewards. A Steward may not decide to remove access on their own, but can help provide information necessary to prove the abuse (such as logs). If necessary, and in particular in case of lack of respect towards the privacy policy, the Board of [the] Wikimedia Foundation can be asked to declare removal of access as well.
Complaints of abuse of CheckUser or privacy policy breaches may also be brought to the Ombudsman commission.

Complaints involving the release of personally identifying information or other potential violations of the Wikimedia Foundation's Privacy Policy should be made to the Ombudsman commission.

Other complaints or inquiries about potential misuse of the CheckUser tool should be referred to the Audit Subcommittee.

Users with CheckUser permissions

An automatic list is at Special:Listusers/checkuser. As of 28 November 2012, the following editors form the CheckUser team on the English Wikipedia:

Current arbitrators: AGK,^[3] Carcharoth, Courcelles,^[3]^[4] David Fuchs,^[3] Hersfold,^[4] Kirill Lokshin, Newyorkbrad, NuclearWarfare, Risker,^[3] Roger Davies, Salvio giuliano,Cite error: A <ref> tag is missing the closing </ref> (see the help page). Elen of the Roads, FloNight, Fred Bauder, Jclemens, Jdforrester, Jpgordon, Mailer diablo, PhilKnight

Non-arbitrators appointed by Arbcom: Alison, Amalthea, DeltaQuad, DoRD, Elockid, Frank, J.delanoy, Keegan, Tiptoety, Versageek, WilliamH

Community members of the Audit Subcommittee (AUSC): Avraham,^[5] Ponyo

Developers: Aaron Schulz, Brion VIBBER

Others: Jimbo Wales, Wikimedia staff members (prohibited from use by internal policy except in rare cases), Wikimedia Ombudsmen.^[6]

Developers do not typically patrol the site for violations, and require access to the CheckUser tool mainly for maintenance and enhancement purposes. "Others" includes users who require access for WMF reasons, and WMF officers.

Community members of the Audit Subcommittee (AUSC) are elected once per year to three of the six positions as Auditors, and together with the three arbitrator members hear complaints about the use of CheckUser and Oversight permissions on the English Wikipedia; their role is separate from the Wikimedia Foundation's Ombudsman Commission. Unless they already held the permission, community subcommittee members are given the CheckUser and Oversight permissions (and associated access rights) for the duration of their one-year term.

^ CheckUser Mackensen's comment on "Checkuserblocks," and why they should not be lifted.
^ Arbitration Committee statement on Checkuser blocks, 18 July 2010
^ ^a ^b ^c ^d Current Arbitrator member of the Audit Subcommittee
^ ^a ^b Cite error: The named reference prior was invoked but never defined (see the help page).
^ This user was appointed as a CheckUser prior to being appointed to the Audit Subcommittee
^ Ombudsman commission members have global CheckUser access in order to investigate allegations related to breach of WMF privacy policy (cf. full list)