Wikipedia talk:Arbitration Committee/Noticeboard/Archive 13: Difference between revisions

Arbitration motion regarding Wikipedia:Requests for arbitration/Date delinking

Original announcement

Climate change case amendment

Original announcement

3.1) Editors topic-banned by the Committee under this remedy are prohibited from (i) editing articles about Climate Change broadly construed and their talk pages; (ii) editing biographies of living people associated with Climate Change broadly construed and their talk pages; (iii) participating in any process broadly construed on Wikipedia particularly affecting these articles; and (iv) initiating or participating in any discussion substantially relating to these articles anywhere on Wikipedia, even if the discussion also involves another issue or issues.

The bolded part makes this a problem by bringing this in conflict with WP:IAR. There always has to be a safety valve allowing compromized articles to be repaired. There has been an issue with the monitoring of all the CC articles by the non-topic banned editors. It was precisely one of William's notifications of an unnoticed problem that led to him being blocked. Count Iblis (talk) 21:17, 10 November 2010 (UTC)

Ok, Mister WP:IDIDNTHEARTHAT, apparently you missed point. This modification was made make it clear that the back door is not open. In case you didn't notice, that block was upheld. Beeblebrox (talk) 21:46, 10 November 2010 (UTC)

Dense? What happend to WP:CIVIL and WP:NPA? --Stephan Schulz (talk) 22:02, 10 November 2010 (UTC)

Keeping the back door locked is a violation of WP:IAR. The issue is simply that if a page is vandalized and it hasn't been noticed in a reasonable time, a topic banned editor should at least be allowed to notify someone. In fact, the Wikipedia rules on topic ban allow topic banned editors to correct vandalism themselves. But that isn't necessary to maintain Wikipedia, a mere notification suffices.

Having some experience in the CC area, I really do not see how this could lead to trouble. Let me do my best and imagine an editor who I typically disagree with on CC, say Cla68. Suppose he notifies me about a problem on an article, e.g. suppose that on a BLP article an edit is made labeling a sceptic to be a "kook" and that this edit has gone unnoticed. Then even if I agree that this person is a indeed "kook", I can still see that this is a BLP violation that needs to be corrected. Leaving such an edit uncorrected is not good for Wikipedia. Count Iblis (talk) 22:05, 10 November 2010 (UTC)

Again, you are deliberately ignoring the message here. These users have been told repeatedly that they are a net negative in the CC area and that their contributions in that area are not welcome regardless of their merit. If we are violating IAR with that then we can invoke IAR and ignore it. Beeblebrox (talk) 22:08, 10 November 2010 (UTC)

I don't think he is ignoring the message. He is pointing out that the message is inconsistent with normal Wikipedia processes, not to mention antiproductive and unwise. --Stephan Schulz (talk) 22:20, 10 November 2010 (UTC)

That may be what you two think, but it is not what ArbCom or the community at large has said. Those who violate the topic ban will be blocked. Most of them have accepted this and moved on. Those who cannot or will not do so can expect to longer and harsher blocks. Beeblebrox (talk) 22:40, 10 November 2010 (UTC)

"The community at large" does not even know of this case. ArbCom has made bad decisions before. Sometimes they were wise enough to correct them,sometimes not. And replacing civilised decision with robot-like repetition of block threats really is helping consensus. --Stephan Schulz (talk) 22:44, 10 November 2010 (UTC)

• It's not a threat, it is an accurate interpretation of the meaning of this decision. If you want to appeal for yet another amendment that reflects what you and the count want, be my guest. Beeblebrox (talk) 23:02, 10 November 2010 (UTC)

• The banning policy recognizes exception to topic bans for reversions of obvious vandalism or obvious BLP violations (obvious as in something no reasonable person would disagree with) unless they are explicitly included in the ban, and I personally would not block for those (again, unless they are explicitly included within the ban). That said, banned users perform those edits at their own peril: often their perception of obviousness is different from that of a user not involved in the topic area, which is why it may not be a good idea. There's your safety valve. T. Canens (talk) 23:10, 10 November 2010 (UTC)

• The best thing would be for topic banned editors to remove the relevant pages from their watchlists. They don't need to be looking for vandalism to repair.   Will Beback  talk  23:29, 10 November 2010 (UTC)

I've been beating that drum for a while, but certain involved persons have relentless advocates who believe that those certain persons are too important to these topics to be subject to the full breadth and scope of the ban. Beeblebrox (talk) 23:42, 10 November 2010 (UTC)

Admins should really follow best practices. --Stephan Schulz (talk) 10:09, 11 November 2010 (UTC)

I'm not doing climate change for the moment, but I've noticed with some dismay that people are still claiming or implying that only the topic banned editors can possibly patrol the climate change articles. This is nonsense; I'm not topic banned and I used to do it myself without much effort.

Just pop the articles into your watchlist or use my list at User:Tony Sidaway/Articles under climate change probation. The talk pages are also listed so using related changes on the list gives something very similar to a watchlist. Remember to set the option "Enhanced recent changes (requires JavaScript)" in the Recent changes tab of your preferences.

Add articles (and their talk pages) to the list as desired. As long as you keep the list up to date you won't miss a single edit. --TS 13:06, 11 November 2010 (UTC)

"I've noticed with some dismay that people are still claiming or implying that only the topic banned editors can possibly patrol the climate change articles." - to help your dismay, I don't think that that is correct. I don't think anybody is claiming or implying that - I'm certainly not. --Stephan Schulz (talk) 13:13, 11 November 2010 (UTC)

Well I must have misunderstood the following sentence: There has been an issue with the monitoring of all the CC articles by the non-topic banned editors. (Count Iblis (talk) on 10 November)

This was, I thought, the reason why the strong topic ban was held by some editors to be bad for Wikipedia. If no such issue exists then I don't see what problem remains. --TS 13:44, 11 November 2010 (UTC)

I certainly do believe that over-aggressive topic bans and enforcement are bad for Wikipedia. However, I believe this on general principles of reducing friction and drama, enabling efficient communication, and reducing friction. Also, of course, there is a big difference between "only the topic banned editors can possibly patrol" something and "every article is patrolled as effectively as possible". In particular, it's perverse if any editor is prevented from listing factual errors and vandalism in a non-disruptive way. As CI correctly pointed out, one of our five pillars explicitly says "If a rule prevents you from improving or maintaining Wikipedia, ignore it." --Stephan Schulz (talk) 14:01, 11 November 2010 (UTC)

In cases where all reasonable attempts to control disruption have failed, the Committee may be forced to adopt seemingly Draconian measures as a last resort for preventing further damage to the project. This principle passed during the Durova case, and applies even more to this one. The current bans may not be in line with normal Wikipedia practices, but there is no viable alternative. Everything else has been tried, so now we simply have to say "Leave this topic area, we don't want you here. No exceptions." The Wordsmith^Communicate 16:00, 11 November 2010 (UTC)

"Everything else has been tried" - wanna bet that I can come up with 10 things that have not been tried, at least one of which is reasonable? --Stephan Schulz (talk) 16:30, 11 November 2010 (UTC)

If you can come up with a viable alternative to draconian topic bans for everyone (that will still solve the problem) then I will endorse your request for an amendment. I do not think any such alternative exists. We tried warnings, community-based general sanctions, article probation, sourcing restrictions, page protections, asking nicely, and even requesting that certain editors voluntarily recuse from the topic area. None of that worked. The community is tired of the drama, and we will end it by any means necessary, even if that means excessive force. The Wordsmith^Communicate 19:39, 11 November 2010 (UTC)

Let me propose this very minor proposal: Editors topic banned under remedy 3 are allowed to notify non-topic banned editors about an unambiguous problem on a CC article, if the problem has not been corrected in 24 hours time. The notification must be limited to a single sentence and can be posted on talk pages (e.g. the editor's own talk page). A maximum of two editors may be notified by posting on their talk pages. Discussions about the issue the notification is about are not allowed. Editors who use this as a loophole to engage in disputes will have this notification right revoked and may face further sanctions.

The reason why we need this is evident if you look at the recent problems on the Global climate model page. This page did not appear on TS' list. There was a subtle Scibaby-like edit on that article that William noted on his talk page. Such notifications got William blocked. The large number fo voices at AE saying that "William should move on, he should stop watching the CC pages", let me to believe that from that moemnt onwards all the CC pages would now be watched (a bit disingenuous as William did notify about uncorrected problems, but ok. if other people start to watch the CC pages, William doesn't need to notify anyone anymore).

The Global climate model would obviously be the last page I would have expected to see any new problems on. However, when I checked a week ago I saw to my surprise exactly the same type of subtle problem that at that moment was uncorrected for about 6 days. That page is now on my watchlist, but the same problem can occur on many pages. Count Iblis (talk) 22:32, 11 November 2010 (UTC)

Those edits to Global climate model would not have qualified as "unambiguous problems" though, since by your description they were "subtle" (insertions of the word "estimate", which is not unambiguous vandalism or POV pushing). Is there a better example you can give as evidence why this is needed? alanyst ^/talk/ 23:14, 11 November 2010 (UTC)

Subtle but no less problematic than straightforward POV pushing. In fact, the subtle nature makes this a good example of why my proposed setup for notification is needed. What happened here was not simply a constructive edit to point out that climate models are not very accurate. Such good faith efforts could, of course, also lead to a degree of POV pushing, but that is part of the normal editing process here at Wikipedia. What makes this edit not ok. is that it suggests that predictions based on climate models are not accurate, simply because they involve computations using a finite element method. Now that is ridiculous. Climate is average weather, so you are not interested in the exact physical state of the atmosphere at some moment in the future. The reason why climate models have problems has to do with the fact that a lot of relevant physical processes can't be captured well in the simulations (cloud formation etc.), but William and Boris are more qualified than me to comment on that.

I do know that in some fluid dynamics simulations one works with effective variables that don't correspond to real physical degrees of freedom. In general, in mathematical/computational physics, one uses all sorts of techniques allowing one to come up with a reasonably accurate answer using intermediary results that look horrible. Count Iblis (talk) 01:10, 12 November 2010 (UTC)

More often finite-difference and (pseudo)spectral methods than finite-element methods, but your basic point stands. Short Brigade Harvester Boris (talk) 01:17, 12 November 2010 (UTC)

I think we're all missing the point here. A POV pusher is obviously at work, his edits don't enjoy consensus, and he's using multiple users or IP addresses to try to game the system. That has nothing to do with the climate change probation, it's straightforward abuse, and now we know it's happening we'll stop it. To watch for more of that kind of crap, just sit on the articles and watch what happens. While I may be back in the new year I cannot imagine that I am the only person interested in dealing with this kind of topic-neutral abuse. --TS 23:57, 11 November 2010 (UTC)

We need Arbcom to weigh in on whether your proposed course would be acceptable. The text of the decision suggests that it would be extremely unwise of you to do this without prior clarification. Short Brigade Harvester Boris (talk) 01:10, 12 November 2010 (UTC)

You don't need arbcom to tell you that it's okay for non-topic banned editors to sit on top of the climate change articles and fix problems as they occur. It's what we do everywhere else and, evidently, the urgency still exists in the wake of the recent case. I'm only not engaging in the topic at present because, frankly, I'm one of many editors who need a holiday from the topic. --TS 01:31, 12 November 2010 (UTC)

I think you are mistaken. Arbcom made it clear that "sitting on top of the climate change articles" as you put it is a very bad thing indeed. Accusations of doing so were what got the case rolling to begin with. Short Brigade Harvester Boris (talk) 01:45, 12 November 2010 (UTC)

{{citation needed}} Tasty monster (=TS ) 02:58, 12 November 2010 (UTC)

Well, go ahead. The resulting dramafest should provide a few days' entertainment. Short Brigade Harvester Boris (talk) 04:05, 12 November 2010 (UTC)

• This is not the place to discuss the content of articles. Please keep that discussion on the talk pages of the articles involved. If an article requires protection or semi-protection, make the request at the appropriate place. Topic-banned editors are strongly urged to remove articles in the topic from which they have been banned from their watchlists or RSS feeds in order to facilitate their disengagement from the area. Exporting aspects of the dispute for which editors have already been sanctioned into other areas of the project may result in further restrictions. Editors who behave in a manner similar to that which has already resulted in sanctions on other editors may well find themselves restricted, too. The community has made itself heard, loud and clear, that it is very tired of the battleground behaviour in this topic area; editors continuing to behave in that way do so at their own peril. Risker (talk) 05:38, 12 November 2010 (UTC)

One of ArbCom's lavish perks. (Note the rapidly melting snow.)

• • No one is discussing content here. If you were to actually read the discussion above you would see that the mention of a particular article was only in the context of how best to approach the broader issue of how to treat articles in light of the Arbcom decision. And there's no "battleground" behavior -- Tony and I are very much in agreement regarding the underlying content issues, and are discussing the general matter of how (and whether) to monitor the articles for sockpuppetry and other abuse. Your comments are orthogonal to what we have been discussing here, and to be frank your helicoptering in and making pronouncements that are not founded on the actual discussion at hand only reinforces certain views regarding Arbcom. Short Brigade Harvester Boris (talk) 14:08, 12 November 2010 (UTC)
    • Yes, we should defund the ArbCom helicopter fleet; This will help reduce CO2 emissions. Jehochman ^Talk 14:20, 12 November 2010 (UTC)

Arbitration motion regarding Wikipedia:Arbitration/Requests/Case/Eastern European mailing list

Original announcement

Changes in Checkuser/Oversight permissions

Original announcement

My thanks to Mackensen, Vassyana and Luna for their contribution. I appreciate that the Committee is keeping an eye on this situation and taking appropriate steps. Skomorokh 22:22, 17 November 2010 (UTC)

Concerning that it appears we burned out Vassyana and Luna, who I have immense respect for. Thanks for all you two were able to do over the years.

Mackensen, thanks, and looking forwards to more great content. Georgewilliamherbert (talk) 22:48, 17 November 2010 (UTC)

Alas, people come and go, but all the more unfortunate when the trustworthy disappear. bibliomaniac15 02:51, 18 November 2010 (UTC)

Arbitration motion regarding Wikipedia:Arbitration/Requests/Case/Speed of light

Original announcement

Exceptional individuals wanted for challenging two-year assignment

You are:

Y an effective communicator with a sound grasp of policy;

Y able to see all aspects of a problem and find solutions;

Y courteous, disciplined and open-minded;

Y able to deal calmly with trolls, bigots and editors with issues;

Y able to make up your own mind under stress.

If you can answer "yes" to most of the above, you are probably arbitrator material. Learn more about standing in the upcoming election. But don't delay, nominations close very soon!

Tony (talk) 16:31, 19 November 2010 (UTC), for the election coordinators

• PS: YYou must also be able to prove your real name (with a copy of your passport) to "The Office" in case any litigation as a result of your actions arise.  Giacomo  17:38, 19 November 2010 (UTC).

• The purpose of providing identification is to verify age. All editors are responsible for their actions, regardless of whether or not they are identified. Risker (talk) 19:29, 19 November 2010 (UTC)

So what cast iron guarantees are you willing to provide (as you seem to be taking it upon yourself to speak for "The Office") that RL ID's will remain confidential? What if some nutter (and Wikipedia certainly has a few of those) decides to launch litigation and wants "The Office" to furnish them with names - What protection is "The Office" able to provide? Giacomo  21:50, 19 November 2010 (UTC)

Too easy; the answer is none. No wonder this election is short of candidates. Malleus Fatuorum 22:03, 19 November 2010 (UTC)

• Yes, there is does seem to be a deafening silence from Risker and "The Office" regarding assurances and positive answers. My hunch is threatened with a choice of litigation themselves or offering up writ servable names, "The Office" will sing like a cage of canaries. And once some nutter has one's details, who knows what could follow. No, this is an unpaid job, the last think it needs is unnecessary risks.  Giacomo  08:52, 20 November 2010 (UTC)

Erm, I don't see actually what the issue here is. Even if your scenario is correct – which I, for one, don't accept – what earthly use are servable names without servable addresses, which the WMF doesn't have? To obtain an address a would be litigant has to serve the IP from which someone is editing (not WMF, by the way) with a valid court order to obtain it.  Roger ^talk 09:08, 20 November 2010 (UTC)

• You are right, clearly you don't see. Let me enlighten you. Anyone who publishes anything to the internet can be sued in their name. Anyone who takes any action on or off a site which another considers detremental can be sued. Anyone who feels a Wikipedia editor has libelled them, or caused them any emotional damage may contact The Foundation for redress. No matter how may times Wikipedian's chorus "legal threats are not allowed" it makes no difference - the real law operates in the real world where they most certainly are allowed. Then there is the other matter, once some person has been given an individuals name (and photograph, such as that on a passport/driving licence) - wether the litigation goes ahead or not - outing, stalking and harrassment become real and undenialble possibilities. I want want to know what assurances and protection "The Office" have to offer? It's a very simple question. I would like it answered.  Giacomo  10:20, 20 November 2010 (UTC)

• It has been mentioned below, but just in case you didn't spot it: http://wikimediafoundation.org/wiki/Privacy_policy#Access_to_and_release_of_personally_identifiable_information answers your question quite clearly. --Conti|✉ 10:56, 20 November 2010 (UTC)

Ah yes, here it is buried away. Release: Policy on Release of Data It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, or through other non-publicly-available methods, may be released by Wikimedia volunteers or staff, in any of the following situations:

1.In response to a valid subpoena or other compulsory request from law enforcement,

2.With permission of the affected user,

3.When necessary for investigation of abuse complaints,

4.Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues,

5.Where the user has been vandalizing articles or persistently behaving in a disruptive way, data may be released to a service provider, carrier, or other third-party entity to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers,

6.Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.

Except as described above, Wikimedia policy does not permit distribution of personally identifiable information under any circumstances. Can you expain why this is not made more obvious to all editors? The reason is? I can guarantee, that most editors are unaware of this and The Foundation ceftainly does not overpublicise it.  Giacomo  14:52, 20 November 2010 (UTC)

• Giano, about your point above about "photograph", IIRC when I sent in my details in December 2008, I blanked out the photograph and also other unnecessary details (you could, for instance, blank out any postal address on the ID). As what people send in tends to be a photograph or scan of the relevant ID, this is easily done. You can also ask in advance what exactly is needed. Of course, things may have changed from 2 years ago, but ask some of the other (such as recent functionaries) who sent in ID. I think you will find it is not as arduous or revealing as you think it is. It is more a trust thing. If you don't trust a paid employee of the WMF to do the right thing in terms of their job (possibly they have a lot more to lose than you do), then nothing anyone can say or do will help, I'm afraid. But I would urge you to ask around about this, as if you have specific concerns it might be possible to address them. Carcharoth (talk) 15:21, 20 November 2010 (UTC)

• I think there is a related reason why many WMF employees don't themselves actively edit the en.Wikipedia, so that they can avoid liability for what goes on here. I don't blame them, but I don't respect them for it either. Nevertheless, anyone who edits one of the top 10 most trafficked websites in the world should be aware that they may be taken to task for their influence on said website. Cla68 (talk) 15:26, 20 November 2010 (UTC)

• A discussion about this thread has been opened at Wikipedia:Administrators'_noticeboard/Incidents#I'm loth to say "censorship" but... ╟─TreasuryTag►high seas─╢ 19:12, 19 November 2010 (UTC)
• With the exception of ..grasp of policy, I'm afirmative on the other points. PS: Nobody's going to know my real name or see my passport; No way, Jose. GoodDay (talk) 19:19, 19 November 2010 (UTC)
  • As I've just learned (see below) an ID is indeed required, though not necessarily a passport. Maybe the same should be required of admins. I don't think it is. However, ArbCom sits a bit higher in the food chain, and obviously they need to know who each other are so they can fully trust each other. ←Baseball Bugs ^{What's up, Doc?} carrots→ 20:17, 19 November 2010 (UTC)
    • I reckon then, I won't be seeking the arbitrator's hat. Everyone, please hold back your disappointments. GoodDay (talk) 20:29, 19 November 2010 (UTC)
      • I'm crushed. But that might be due to the 16-ton weight that just fell on me. ←Baseball Bugs ^{What's up, Doc?} carrots→ 20:39, 19 November 2010 (UTC)
        • Giggle Giggle, we're a load of laughs. GoodDay (talk) 20:47, 19 November 2010 (UTC)
• Look, everyone who edits Wikipedia should know that anonymity is not guaranteed. You may be held, or attempted to be held, accountable for your Internet activities in a court of law, and not just for your participation in Wikipedia. Being a member of the ArbCom may or may not expose you to increased liability. Perhaps this is one reason why should require all editors with additional privileges, such as admins, be 18 years old or older. Cla68 (talk) 09:05, 20 November 2010 (UTC)
  • The mere fact that underage kids are allowed to be admins is frightening enough. In any case, we've had a number of incidents of admin malfeasance within the last year or so (I don't know the ages of the offenders), so it's no wonder there's no small amount of suspicion. My guess is that editors most likely to run for this thankless job are already using a variant of their real names as ID's. ←Baseball Bugs ^{What's up, Doc?} carrots→ 09:39, 20 November 2010 (UTC)
    • Should arbitrators be compensated with a stipend for their time spent administering Wikipedia, and perhaps increasing their exposure to possible legal action, from funds from the Wikimedia Foundation? That's probably not a conversation for this thread, but I think it's something that should be on the table, which I'm sure sends a cold chill down the spines of the WMF staff if it has ever crossed their minds. If it took much of the WMF budget, they might have to move their headquarters from tony downtown San Francisco to more pedestrian quarters. Cla68 (talk) 09:46, 20 November 2010 (UTC)
      • I would think the chills would be for a quite different reason. If arbs are getting a stipend they may become employees or contractors or "persons working at the direction of" the WMF and then the WMF would become liable for their actions. If there ever were a suit against an Arb, WMF would lose its safe harbour. Franamax (talk) 17:39, 20 November 2010 (UTC)

Current arbcomm fails quite a few of those tests; most obviously point 2 William M. Connolley (talk) 22:19, 19 November 2010 (UTC)

When in doubt, always blame the referee.--Scott Mac 22:26, 19 November 2010 (UTC)

What has doubt got to do with it? William M. Connolley (talk) 22:50, 19 November 2010 (UTC)

You are entitled to your opinion but obviously the (previous) electorate/community does not agree with you. - BorisG (talk) 14:03, 20 November 2010 (UTC)

What a pompous, presumptuous thing to say, Boris... Badger Drink (talk) 09:30, 22 November 2010 (UTC)

• For the record, all functionaries have to identify themselves to the foundation. Any type of valid ID indicating you are a legal adult is acceptable. The actual policy is from the foundation itself and is spelled out here:[1], the privacy policy is here: [2], the section titled "Access to and release of personally identifiable information" details under what circumstances the information may be released. There is no secret policy, it's all right there in the open, you just have to know where to look. Beeblebrox (talk) 09:11, 20 November 2010 (UTC)
• There is a data retention issue here. If the intent is simply to confirm that someone is legally an adult then the foundation doesn't need to keep any information other than a record that on a particular date a particular WMF employee received information from that particular user that confirmed they were legally adult. Perhaps if the Foundation stopped keeping the identity information some more people would be willing to stand. ϢereSpielChequers 10:32, 20 November 2010 (UTC)
  • That's a very good point - it is appallingly unethical (and would probably be illegal in the EU) to retain such information for longer than is required for the purpose for which it was collected. Does the Foundation have a data destruction policy? DuncanHill (talk) 15:57, 20 November 2010 (UTC)

I can only speak for myself, but I am already a functionary and I have no desire whatsoever to be an arb. I don't think the identification issue is what is stopping people, it's probably more to do with the fact that it is a very, very time consuming task and every decision you make is declared to be wrong. Beeblebrox (talk) 12:08, 20 November 2010 (UTC)

I can't see an issue here. Many wikipedians make their names public already. Responsible adults must take responsibility for their actions, and this includes internet. And even if no ID was required, if someone wants to sue you in court of law, "anonymity" won't help you. It may help against real-world harrassment though. - BorisG (talk) 14:03, 20 November 2010 (UTC)

Many do make their names public, and some come to regret that, also some editors have names that are far from unique worldwide. If your surname is Smith, Jones or Patel then using your name on Wikipedia is less public than it would be for many of us. If you are typo fixing or writing uncontentious stuff then wikipedia is a very low stress environment - I can do thousands of gnomish edits without anyone even commenting on my talkpage. All the death threats I've received for my wikipedia editing were because of the attack pages and similar that I've deleted or tagged for deletion. But this isn't just about death threats, as I trust the foundation not to tell the crazies who I am in real life. The foundation has had legal letters seeking the identities of Wikipedia editors, I think it is important that we prevent companies from using the threat of legal action to dissuade neutral editors from adding referenced negative material to the articles on certain businesses and their products. ϢereSpielChequers 15:37, 20 November 2010 (UTC)

WereSpielChequers, I agree with this (and sympathise with your plight). I did say anonymity can help against harrassment. However, like public figures, ArbCom members may have to waive their privacy. Some of them have already revealed their real names, and they are not smith, but known real people with public profiles. I am not saying it isn't an issue, I am saying it is not as big an issue as it is discussed here. OTOH, if you want to preserve maximum level of anonymity, don't run for ArbCom. - BorisG (talk) 15:56, 20 November 2010 (UTC)

Hi Boris. I'm not running for Arbcom this year for a couple of reasons, one of which is that at the moment, and looking at what I will probably be doing in the next 24 months, I can't take on that extra commitment. Identifying myself to the office doesn't deter me because as I said I trust them not to tell the crazies who I am. I've attended two Wikimania conferences so there are already people in the foundation who've learned my real life identity. If Arbcom members had to publicly waive their privacy them I would be deterred from combining the two roles of Arb and active admin, but I can't see them doing that. But if the only purpose of asking for ID is to check that the individual in question is adult, then the Foundation doesn't need to retain the information any more than the doorman at a nightclub needs to keep a copy of the IDs he or she has checked.. FWI I would have thought it was sensible to do a little more with that information, otherwise we could wind up with a serial fraudster or worse getting onto Arbcom. I would like to have something in there along the lines of "Whilst everyone is welcome to edit wikipedia, please do not stand for Arbcom if there are things you have done in real life that would bring wikipedia into disrepute should it be known they were done by an Arbcom member". But if they only thing they will do with the info is check you are adult, then they shouldn't keep the information. ϢereSpielChequers 17:16, 20 November 2010 (UTC)

WereSpielChequers, I agree with all the points of your last comment, including the requirement to retain information. BTW when I said if you want to preserve..., I did not mean you personally, I meant it as a figure of speech. Cheers. - BorisG (talk) 17:27, 20 November 2010 (UTC)

I would imagine that they retain the data for as long as you hold any advanced permissions. Persons with CU or oversight have access to sensitive information about real people, and if someone were to maliciously misuse that access they should be held accountable. The privacy policy stipulates that in the event of a legal proceeding they would require a subpoena before they would release the information. To my knowledge this has never actually happened. If the requirement to identify oneself is what is keeping these tools from being seriously misused then that is a good thing. Beeblebrox (talk) 20:00, 20 November 2010 (UTC)

The requirement for ID is keeping a lot of good people back. Putting aside the legal side, we all teach our kids (or should teach our kids) that the internet is a nasty place and not make too much of ourselves freely available. Yet The Foundation expects us to send our personal details to a company the other side of the world (to many of us) for the priviledge of helping unpaid to run its project, a project which has entire websites dedictaed to outing and ridiculing its volunteers. That's before we even consider the more common and garden stalkers, perverts and lunatics. I would not give them my name in a month of Sundays, and I'm a big ugly bastard - I would even go so far as to say that in my opinion any woman who gives them her name is being more than naive. No doubt, that will put the cat amongst the feminist pidgeons, bit I do think it true - sorry in advance to them, but Wiki-women are at risk and they ought to be made very aware of it and so probably are the blokes better looking than me.  Giacomo  20:19, 20 November 2010 (UTC)

Giacomo, I did not respond earlier because I was awaiting a return email from WMF staff verifying the current identification process, which I just received (for the record, on a Saturday during the incredibly busy fundraising season). Those identifying need to send a photocopy or scan of a government-issued document that contains their name and date of birth; other information can be blanked out. If sent electronically, it goes to an email address to which only two WMF employees have access; if by fax or snail mail, we provide the name of the staff member to whose attention it should be sent. The documentation is briefly reviewed, the person's user name is added to the Identification noticeboard on Meta, and then the documentation is destroyed. There is no retention of the data. This process is unchanged since I became an arbitrator; however, the WMF staff responsible has changed. As the arbitrator who's been responsible for guiding new arbitrators and functionaries through the identification process for nearly 2 years, I've always confirmed the process and the responsible WMF staff in advance, so I think we can consider that step completed as part of the preparation for new arbitrators.

I do understand and share your concerns about the nastier side of the internet and the desire amongst some to publicly "out" editors; in fact, some time ago I wrote an essay about privacy and the limits to the protection of personal information that is offered by this project and by the WMF. I am certain that the efforts made to link my private and Wikipedia "identities" a while back were completely unrelated to any information that I provided to the WMF, and were undertaken strictly because I was a "prominent" administrator/Arbcom member. There were efforts to blackmail me, but I know that if one person can make the connection, so can other determined searchers, so there's hardly much point; I grant that the fact I'm a woman probably led certain unsavoury people to think I was more likely to capitulate, but they were mistaken. There is absolutely nothing that the WMF or any other party can do to prevent this from happening; a determined "stalker" is hardly operating within WMF or any other social rules. I certainly do sympathise with those who decide to maintain a lower profile on this or any other public website in order to reduce the risk of internet-based harassment. I don't believe, however, that identifying to the WMF changes their risk factors; it is the role they hold that requires the identification to the WMF that increases the likelihood of internet-based harassment. Risker (talk) 21:19, 20 November 2010 (UTC)

For what it's worth, I agree with Risker that the requirement of providing identification to the Office doesn't really compromise anyone's anonymity. There is no reason to believe that the Office would divulge such information, either intentionally or carelessly. It is true that if the Foundation received a valid subpoena, and it lacked grounds to quash the subpoena, it would have to turn over the arbitrator's identifying information. But in the absence of such information, it would probably have to turn over checkuser data on the arbitrator's edits, which would probably lead to an identification anyway.

As it happens, my personal opinion (which I think is contrary to that of a majority of my colleagues) is that the identification requirement isn't really necessary for either legal or policy reasons. But that is a different question, and in any event, not one that the committee has the ability to decide. Newyorkbrad (talk) 21:31, 20 November 2010 (UTC)

There is no reason to believe that the Office would divulge such information, either intentionally or carelessly Interesting. Precisely what are you basing that on? My read of your statement is that you made a number of assumptions - am I wrong? Ncmvocalist (talk) 21:45, 20 November 2010 (UTC)

Ncmvocalist, your statement implies that you do not find Newyorkbrad's statement credible. If you have evidence that there have been WMF-based breaches of the privacy policy, please state them now. Risker (talk) 22:18, 20 November 2010 (UTC)

Risker, it does? I personally read my statement as being interested by Newyorkbrad's statement and asking for more (source) information. I couldn't find the implication in my statement that you did...maybe it's just me though. I didn't realise this was the page where you wanted evidence of WMF-based breaches of privacy policy; why wasn't this announced on the noticeboard itself? Ncmvocalist (talk) 23:47, 20 November 2010 (UTC)

Brad's statement is extremely irresponsible. When assessing risks, one does not look for "evidence" that the even has happened. There is no evidence that my house will burn down this year, I still will not take the risk of leaving it uninsured.--Scott Mac 22:22, 20 November 2010 (UTC)

Scott, it seems widely agreed that every editor is responsible for his or her own actions. Your contention seems to be that people should be warned of their risks. I'd put to you that nobody other than the individual can assess their own risk when participating in any activity on Wikipedia. Part of that assessment would include reviewing historical information, and historically there is no evidence that the WMF has provided information from the ID process. There is no evidence that members of Arbcom are more likely than any other editor to be sued. Contrary to what you believe, this is actually the correct method for assessing risk: historical precedence outweighs fearmongering, and I suggest that it is your hand-waving that is more irresponsible in this case. I can entirely accept that your personal assessment of risk to you is too high for you to consider participating in certain Wikipedia-related activities; however, you seem to be berating people for failing to come to the same conclusion as you have. The greatest personal risk that Arbcom members have is that their informed opinions will be denigrated repeatedly and publicly by those who don't share them, and there is a 100% chance that it will happen. That risk factor has a lot more to do with people's decisions whether or not to run than the hypothetical risk of a lawsuit, for which not even you believe they should be indemnified. Risker (talk) 23:39, 20 November 2010 (UTC)

You are misstating what I've said. I am not berating anyone for coming to a different decision from me. I am quite annoyed with you and Brad for vague hand-waving and unfounded assurances in response to my concerns. It may be what I speak of is low-risk (indeed it is low-risk) and it may be that people chose to run those risks (as I do when I edit here). But it is ludicrous to suggest that those low risks are not increased when one involves oneself in areas where you are dealing with pissed-off people, and where you may be seen as agents of Wikipedia. Brad has said "but the WMF will only disclose on a valid subpoena - and that they'd question an invalid one. Maybe true, but (to my knowledge) that WMF has given no such assurance - and a plain reading of the privacy policy does not so limit them. You have said that the WMF destroys ID after a user identifies - but in fact the WMF has never (to my knowledge) publicly stated that. People are entitled to make their own risk assessment (indeed, it is quite reckless for them to do otherwise) - so, they need to have the information and be encouraged to asses it. By all means, point them to things that should reassure - but a lawyer saying "it won't happen" without any basis, and you suggesting that being called names on wiki is a greater worry, isn't exactly encouraging people to examine things. In fact, what you are doing is trying to shout me down for raising any concerns. Maybe we should set down the conceivable risks of taking on additional roles, and the assurances the WMF has (in fact) given so people can see them. Lots of things have historically never happened, that doesn't mean we should ignore the possibility that they might. As I say, if people decide the risk is low, and thy are willing to run it -then fine. I've made that some assessment regarding editing. When I assessed my role and risk on doing OTRS (and took legal advice) I came to a different conclusion.--Scott Mac 23:57, 20 November 2010 (UTC)

Scott, there was a well known incident a couple years ago where WP got a subpoena and ended up turning over some IP addresses. Mike Godwin discussed it on Village Pump here. It was pretty clear to me that the Foundation went to considerable lengths to protect editor addresses to the extent it could, and was interested in finding ways to provide even more protection. And as Charles Matthews said in the 2008 election, "we are not a Swiss bank".[3] Wikipedia has truly horrendous privacy problems that make stuff like arbitrator anonymity and subpoenas pale into insignificance. Also, you seem more worried about WMF disclosing arbitrator info in response to valid legal processes, than arbitrators themselves possibly disclosing editor and other private info (like arbcom-l traffic) in outright malice, with no accountability if their info was not available. It would not have occurred to me that ID requirement was just for age checking. I thought it was to back up a binding nondisclosure agreement about private info. If anything, WP's privacy problems are worse if there is not such an agreement in force. So So I think you are barking up the wrong tree. 69.111.192.233 (talk) 00:46, 21 November 2010 (UTC)

Brad, that the foundation won't easily divulge may or may not be true. There are certainly NO guarantees. If a subpoena is served, how much effort would the Foundation place into attempting to quash it? In any case, the clause that allows the Foundation to release identity "Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation" would allow it to release an identity to prevent just about any loss - including the inconvenience of legal process. The great fear is that since the Foundation enjoys an immunity that no user enjoys, that an angry litigant may well come after someone he sees as part of the problem, or failing to give redress - be that OTRS member or arbiter (both of whom have to deal with many angry people). The Foundation offers absolutely no indemnity - which means they can legally give the litigant your address and leave you to stew - even if you've done nothing, or simply made a good faith mistake. Now, it may be that such litigation will fail, but you are still going to have the costs, hassle and embarrassment of defending it - and the Foundation is under no obligation to help whatsoever. Now, I agree they might do the decent thing, but then again, do you want to risk that. The legal advice I got simply said "this is not a risk worth running. Why put yourself in the pathway of angry and disgruntled people, with no guarantee of personal support, and for no personal gain?". Anyone thinking of running for Arbcom needs to consider this. But there are no warnings given - just lots of wikilove.--Scott Mac 21:44, 20 November 2010 (UTC)

You are at just as great of risk of being sued as an ordinary editor as you are as an Arbcom member, Scott; every editor is responsible for their own actions under all circumstances. Sure I'd like to see better warnings about this fact, even adding that statement to the edit window if possible, but that basic fact does not change when one becomes an arbitrator. There is no indemnification of editors, and I can't imagine under what circumstances a blanket indemnification - or even a partial indemnification - could be provided to editors or even arbitrators. Risker (talk) 22:18, 20 November 2010 (UTC)

Untrue. Arbcom members (and OTRS ops) put themselves directly in contact with disgruntled people, and are seen by them as more responsible for Wikipedia - that greatly increases the risk of being cited in litigation.--Scott Mac 22:24, 20 November 2010 (UTC)

And exactly who should be indemnifying these fine volunteers, Scott Mac? Is that what all those donated funds should be going toward? I do not feel I am at any greater risk being an Arbcom member than I would be in editing certain BLPs; in fact, quite the opposite. Risker (talk) 22:42, 20 November 2010 (UTC)

I have never suggested it is possible to indemnify all volunteers. I have just suggested people need to understand they are running the risks of being perceived as agents, with none of the protection that agents enjoy.--Scott Mac 22:49, 20 November 2010 (UTC)

• Of course the elephant in the room in this whole conversation is that you would never be elected to arbcom in the first place even if you posted a copy of your passport right on your userpage. The other fallacy here is that getting the Foundation to give up your information would be at all easy. Anyone with the skills needed to steal the data could have gotten your information anyway. Beeblebrox (talk) 20:29, 20 November 2010 (UTC)

Beeblebrox, that is quite one of the most ignorant posts I have ever seem on Wikipedia. This is not about me, but all the other mugs being encouraged by Wikipedia to offer themselves up for slaughter, with no proper warning of what is involved. Even Risker, more or less admits the the information provided to candiatates could be better. Brads post we can dismiss. It is looking increasingly as though the attitude is "I have been outed so why shouldn't you be?" With not one jot being done to prevent it. This is why there are no candidiates of stature and why the Arbcom will next year consist of "proven adults" with the naivity of children.  Giacomo  23:54, 20 November 2010 (UTC)

• I would suggest that posting one's passport details on any WP page would be grounds to remove the privileges of any editor. Also, a couple of years back Giano did indeed run and got quite close to getting in - and with the secret ballot there might not be the stigma one or two might have felt in supporting him then (the opposers would oppose regardless). Be careful in tempting Signor Returned, Mr President(s?) LessHeard vanU (talk) 20:45, 20 November 2010 (UTC)

• What should be done is to hold the elections first, and any who survive that gauntlet would then be asked to surrender their ID's. I don't like the idea of giving personal informaton and then being defeated yet they still have my personal information. ←Baseball Bugs ^{What's up, Doc?} carrots→ 04:00, 21 November 2010 (UTC)

• I believe that's how it works in practice—the winning candidates are given an address to send their ID to, and don't get any of their Magic Powers switched on until they've done so. What would happen if one of the winning candidates refused to do so is open to question. – iridescent 09:09, 21 November 2010 (UTC)

That is pretty much how it is. When I was elected, last year, I took a copy of the requisite ID, and faxed it to the foundation, attention to the person who was verifying the information. During the post-election discussions, the formal granting of checkuser and oversight abilities (and the position of arbitrator) wasn't granted until we had identified. If someone refused to do so, I think they would have been dropped from the arbitrators list. SirFozzie (talk) 18:38, 21 November 2010 (UTC)

Some folks here seem to have forgotten that trust is a two way street. Functionaries are expected to be trusted with sensitive personal information about other users and members of the general public. In turn we trust the foundation not to misuse our personal information. If you can't make that deal then you will have to be content to edit without advanced permissions. Beeblebrox (talk) 23:39, 21 November 2010 (UTC)

I honestly considered seeking an Arbitrator hat, despite my questionable knowledge of Wikipedia policies. However, the ID requirement ended my quest. GoodDay (talk) 16:34, 22 November 2010 (UTC)

ID verification

Thanks Risker for the explanation of the verification process. Though I'm rather intrigued as to how one ensures that the proffered ID actually belongs to the individual who supplied it.... But I suppose the process has to have an element of trust somewhere. ϢereSpielChequers 23:13, 20 November 2010 (UTC)

That would be the other elephant in the room. I sent in a scan of my driver's license, but how does the foundation actually know it wasn't my brother, or some stranger whose wallet I stole, or a complete forgery? While I don't have a brother and I'm not a criminal, they don't know that. I almost posted about this before but I didn't want to open a can of WP:BEANS. Beeblebrox (talk) 23:54, 20 November 2010 (UTC)

There are several ways this could be done. Some of us will have work Email addresses that could be used, others might attend a meetup and perhaps identify to someone there. But to my mind the easiest way would be a scan of a photo ID followed by a skype video call to confirm that we look somewhat like the photoID. ϢereSpielChequers 00:42, 21 November 2010 (UTC)

There is a venerable profession of third party ID checking for this type of purpose among others. See notary. 69.111.192.233 (talk) 01:14, 21 November 2010 (UTC)

Yes good point, though that would doubtless cost money, so I'd prefer that the foundation use one of the methods I outlined earlier. The current method as outlined by Philippe is vulnerable to people sending a stolen or fake ID and I would suggest tightening it so that we have at least checked that the person looks like their ID. ϢereSpielChequers 17:22, 22 November 2010 (UTC)

Last time I got something notarized it cost about $10. That is really insigificant in the context of WMF's general operating expenditures, even if it has to be done dozens of times a year. 69.111.192.233 (talk) 23:58, 22 November 2010 (UTC)

Recent deletion of comments from this page

Can I ask that this conversation not be removed - it was moved here from ANI as a more approppriate location. Thanks - Black Kite (t) (c) 20:08, 19 November 2010 (UTC) I've been advised that this would be the appropriate venue to discuss the issue I raised here – namely, the repeated deletion of non-disruptive comments from this page without any clear reason. I wonder if anyone has any thoughts on this? ╟─TreasuryTag►consulate─╢ 20:02, 19 November 2010 (UTC)

What is this "passport" stuff about? Is that for real, or is Giacomo also just being funny? ←Baseball Bugs ^{What's up, Doc?} carrots→ 20:05, 19 November 2010 (UTC)

Yes, that's true—see here for the ins and outs of it. – iridescent 20:07, 19 November 2010 (UTC)

Black Kite confirms that some kind of ID is required, but not necessarily a passport, just a valid ID of some kind (I'm supposing a driver's license would do). ←Baseball Bugs ^{What's up, Doc?} carrots→ 20:13, 19 November 2010 (UTC)

Would I have deleted your comment? No. Would I have edit warred against multiple editors to reinstate a joke that adds absolutely nothing to the discussion? No. --Onorem♠Dil 20:09, 19 November 2010 (UTC)

^What they said. The comment itself wasn't trolling or any kind of problem, but the edit warring to reinstate it, and the fuss made about it probably was. AD 20:11, 19 November 2010 (UTC)

I could easily argue that the first one who deleted it is actually the cause of the "fuss". However, TT could have used the small template and telegraphed that he was being funny. ←Baseball Bugs ^{What's up, Doc?} carrots→ 20:15, 19 November 2010 (UTC)

He actually did link to joke - I don't know why it was such a big issue. AD 20:21, 19 November 2010 (UTC)

I had thought the purpose of the ID was to have an enforceable nondisclosure agreement for users with access to private info, not just age checking. Re Treasury Tag: the removed comment wasn't quite disruptive, but it was irrelevant clutter, and getting worked up about the removal (whether there are multiple reverts or not) is unhelpful. Best to just let it go. 69.111.192.233 (talk) 20:59, 19 November 2010 (UTC)

I remain unaware of any policy mandating the deletion of "irrelevant clutter" – the wiki is full of it. ╟─TreasuryTag►presiding officer─╢ 22:28, 19 November 2010 (UTC)

And I remain unaware of any policy mandating policy justifications for every sensible edit. Skomorokh 22:33, 19 November 2010 (UTC)

Nobody said deletion was mandated. It happened anyway. Is it then worth starting a pissing match over the perceived slight? No. Nothing important was removed from the page, so shrugging it off as yet another of Wikipedia's million little annoyances is better for your and everyone else's editing sanity. 69.111.192.233 (talk) 22:56, 19 November 2010 (UTC)

The one who deleted it is the one started the match. Speaking of annoyances, what ID(s) were you editing under during your long gap between 19 Sep 2008 and 15 Nov 2010? ←Baseball Bugs ^{What's up, Doc?} carrots→ 01:18, 20 November 2010 (UTC)

The Knight Rider edits from 2008 in my contrib list were by someone else who got assigned this dynamic address back then. I think Knight Rider is a TV show but I've never watched it or edited its article. 69.111.192.233 (talk) 04:29, 20 November 2010 (UTC)

Roger. ←Baseball Bugs ^{What's up, Doc?} carrots→ 09:31, 20 November 2010 (UTC)

Beeblebrox, whether one particular individual can or cannot get elected is completely irrelevant. Someone above suggested that this requirement (to present ID) keeps many good people from nominating themselves. It wasn't even clear to me who you meant in particular. This thread is about the subject of whether ID info given to WMF increases the risks. Risker, Brad and others have explained that, in their view, it does not (and they do have experience). There is no doubt in my mind that being on ArbCom increases the risks for an editor; however this comes with the role, not with ID info. BorisG (talk) 05:02, 21 November 2010 (UTC)

Giano was willing to run for arbcom a couple years ago when the same requirement was there. He got some traction as a candidate at the time, but seems to have worn out (some of) his former supporters since then. Now he seems to be using this ID thing as a pretext to fling poo towards arbcom and WP processes at any opportunity. Non-advice to prospective candidates worried about ID: if a litigant (or government agency etc.) is willing to use sufficiently invasive processes to identify you, they will be able to do so whether the WMF knows who you are or not. That for example is why checkuser data is private, even though it doesn't have your name on it. 69.111.192.233 (talk) 06:14, 21 November 2010 (UTC)

No, the same requirement was not there when I was a candidiate.  Giacomo  22:52, 21 November 2010 (UTC)

Giano is correct on that; If I recall correctly, the ID requirement was introduced in response to an incident in 2009 where an Arbcom member turned out to (ahem) not be telling the whole truth about their identity. – iridescent 23:00, 21 November 2010 (UTC)

and how time flies; it was three years ago [4].  Giacomo  23:01, 21 November 2010 (UTC)

The identification requirements was introduced for checkusers and oversighters in 2007; it was expanded to include arbitrators as well (even if they did not request checkuser or oversighter) a couple of years after that. Newyorkbrad (talk) 23:21, 21 November 2010 (UTC)

Hey Giano, I guess if it is just to show you are of age, I guess you could take a photo of your hands with a sign saying, "these are Giano's hands" - do you reckon your hands could be mistaken for someone under the age of 18? Casliber (talk · contribs) 23:02, 21 November 2010 (UTC)

Well, if I did, they would not be by the same photographer who is currently making our dear leader look like the waxwork found in Lennin's mausoleum. I wish something could be done about those dreadful photographs everytime I attempt to log in, up they pop; each one making him look more demonic than the last. Atrocious portraits and how much did they cost one wonders?  Giacomo  23:10, 21 November 2010 (UTC)

(sound of 10-foot (3-metre) pole between me and previous post) I should have thought of this in the pub with iridescent (who braved a trek across a tube-less London), and taken a photo of our hands drinking glasses of beer. I miss English pub beer now I am back in Oz...Casliber (talk · contribs) 23:14, 21 November 2010 (UTC)

In fairness the traditional English pub beer is cheap fizzy Aussie lager. – iridescent 23:18, 21 November 2010 (UTC)

FWIW, how many Abitrator candidates are there currently? GoodDay (talk) 23:56, 21 November 2010 (UTC)

Statement regarding identification to WMF

Announcement

Is there a statement somewhere? This link seems to be taking me in circles.  Giacomo  08:42, 22 November 2010 (UTC)

Try now. EdChem (talk) 08:44, 22 November 2010 (UTC)

Ah, yes very good, it works now. I've read it. Remind me someone - what was the name of that "trustworthy" woman, they employed a year or so back for this sort of thing? Can't remember the details, but was she not found to have been deeply "unsuitable" despite numerous background checks? Nope. they are not having my name. There is no need at all for Arbs to identify. Checkusers yes/possibly (allthough, I have some ideas there), Arbs no.  Giacomo  08:47, 22 November 2010 (UTC)

Considering the Arbs need to review Checkuser data as part of their jobs (doubly so if we are on the AUSC, it follows on naturally. SirFozzie (talk) 08:52, 22 November 2010 (UTC)

Giano, how do you respond to the point which NYB has made, namely that any circumstance in which the WMF was required to reveal arb identification they would equally be required to hand over checkuser data, which will be sufficient to identify you anyway? EdChem (talk) 09:00, 22 November 2010 (UTC)

Regarding Fozzie's point, you do not need to ID to be told that A is B and vice versa and what difference does it make anyway. Probably half the ID's submitted belong to someone's neighbour's cousin. To EdChem: I'm not that sure my IP number could identify me - it may tell you that I have over the last year edited from England, Italy, the USA, and a a couple of other countries, but no much more than that. I know I am correct on this because I asked the question of a CU last year and the year previously when I David Gerard abused his CU rights and checkusered me (as he has dome at least twice). I was promised and assured that he could not know my true ID - were the CUs which I asked lying? The only people able to place my IP are my providers (and I do wonder about that as it changes every day) and they are unlikely to reveal it to someone called Bugs Bunny who is upset because I told him where to shove his carrot.  Giacomo  09:28, 22 November 2010 (UTC)

As you say, once you have the IP address, you can get the name and address of the person that used it from the service provider. The difficulty of doing this varies considerably between service providers and jurisdictions and the nature of the grounds for disclosure.  Roger ^talk 09:41, 22 November 2010 (UTC)

Just to clarify, once you have the IP address, you may be able to get the name and address of the account holder, ie. the information the ISP holds about that address - which may include the details of the library, youth club, or asylum the computer is in, the open wireless network, or those of your mum, dad, husband, wife, partner, flatmate, previous flatmate, previous resident, or simply the name you gave at the time you opened the account. There's a few holes. Privatemusings (talk) 23:40, 22 November 2010 (UTC)

On what basis do you say that? Do you have evidence that ISPs regularly hand out everything they have about a customer to anyone who asks? On what basis do you think that ISPs would hand over a customer's full record without due legal process? Is that common in your country? It would be highly illegal here. Heck, our police have a hard enough time getting information with a search warrant in hand. Risker (talk) 23:51, 22 November 2010 (UTC)

I think we're agreeing, Risk :-) - my point is that assuming all legal hurdles are hopped over, the information available from a service provider may well be rather limited in usefulness. OTOH, the WMF may hold a copy of a passport. The elephant in the room here is that WMF don't currently, to my knowledge, make it crystal clear under what circumstances they would feel compelled to share that information. As such, the risk remains that the WMF may offer significantly less privacy protection than a service provider. That's the heart of Giano's point, I feel, and he's correct in my view. I would suggest someone ask the WMF counsel... but we remain without, I believe.... hmmmmmm.... Privatemusings (talk) 23:58, 22 November 2010 (UTC)

Giano, consider the Mantanmoreland case, where inconclusive CheckUser data was one of the the factors that went into the Committee's decision. No. Checkuser does not give the WMF the name of the person who owns the account or who is logged in. In that case the chain of command would be that the person attempting to sue you would subopena the WMF and say "Give me the IP Information you have for "User:X". Then, they take that information, and go to your internet service provider and say "Turn over the information of the account who was logged into "This" IP at "This" time. ISP's have done so frequently in the past (for example, to prosecute people for file-sharing) SirFozzie (talk) 09:38, 22 November 2010 (UTC)

You are missing the point. What difference does IDing make? Does someone suddenly become uber sensible because he has "claimed" to The Foundation that his name is Fred Smith rather than FSmith? Just because most of you have been "outed" it is very unfair of you to want all others to be in the same situtaion. While being a senior Wikipedian may make you objects of desire in the USA, elsewhere in certain situations and careers it does not. Giacomo  09:44, 22 November 2010 (UTC)

Please don't put the identification requirement in terms of what I, at least, "want." I've said several times that if it were up to me I would forget the whole thing. Newyorkbrad (talk) 11:23, 22 November 2010 (UTC)

• I'm glad to hear that Brad. It just seems to me to be very silly; people keep asking why no one (of any stature) is volunteering, and then, when told, keeping arguing. If they don't like the answer and are not prepard to do anything about it - tough! There is little I can do to alter that. I've half a mind to stand, but I have no intention of ID-ing and cannot be bothered to take al the ensuing, drama and flak that would follow from the peanut gallery - so Wikipedia will just have to continue with the Arbcom it deserves.  Giacomo  13:19, 22 November 2010 (UTC)

Giano - aside from yourself, do you have diffs that show editors ("of any stature") who have declined to stand because of the ID requirement? (Define "of any stature" however you like, as it is your own wording.) I don't know if you're correct or not - in fact I rather do think there are some who agree - but I also think quite a number of fine editors simply don't have the time and energy for the drama, quite apart from any ID requirement.  Frank  |  talk  13:31, 22 November 2010 (UTC)

It is not for me to name names; I only know what others tell me on and off the site.  Giacomo  13:46, 22 November 2010 (UTC)

Oh for heaven's sake, Giano. The vast majority of people who have been "outed" in relation to Wikipedia are not arbitrators, they're ordinary editors and administrators who just happen to have irritated people who get a kick out of outing people. It's absurd to connect outing with identifying to the WMF, as the vast majority of people who have been outed were not identified to the WMF. It's the requirement of the WMF Board, not even the WMF staff, that the identification be made. Perhaps if you want to change the identification requirement, you should run for the Board of Trustees next year; running for Arbcom isn't going to change this requirement, and is one of the very, very few requirements for any editor to be an Arbcom candidate. Risker (talk) 13:36, 22 November 2010 (UTC)

Oh for heaven's sake, Risker, just because you have been outed does not mean the rest of us have to be. Nobody is directly connecting with The Foundation outing; one is just saying it is sensible to eliminate unecessary risk, and The Foundation is one such risk. It hardly has a history of employing and empowering the responsible - does it?  Giacomo  13:46, 22 November 2010 (UTC)

• May I try to add some light to all this. Giano, if you are concerned about lawsuits, I am quite sure your identity can be discovered by a well-funded litigant. They can get your IP, and they can get your access logs from the ISP, and they can find out who's paying for the Internet service, or who was staying in the relevant hotel room, or assigned to the relevant office. I am not sure about the current state of play in Europe, but I'm pretty sure about it in the United States. I've personally been involved in some such investigations and lawsuits as an expert witness. If a client hired me to ID an Internet user, and we had backing from the court, we would surely identify them. A pseudonym only provides the illusion of anonymity. If worried about lawsuits, you need to buy insurance, which is not that expensive. A few hundred dollars per year puts up a pretty thick wall for any malicious litigants to dash their heads against.
• Crazy stalkers are a different matter. Those worried about such people can use a pseudonym, but even this can be broken by some sort of social engineering (con game). If an editor makes enough edits, they may eventually give away bits and pieces of their identity. I very much doubt WMF would ever do anything to facilitate such leaks. As far as being a security risk, WMF is several orders of magnitude less than other risks every editor is already running. Jehochman ^Talk 15:55, 22 November 2010 (UTC)

• I am quite aware that the well funded can have anything they like in life, but at least if they found me, I would know from where they obtained the information - my provider. That is the important thing, my provder and I (just like all other internet users) have a contract, and as I pay them every month, and they have to maintain an important reputation for confidentiality; it is inlikely without charges of a gross magnitude they would divulge my details and even if they did, they are no photographs. However, emailing personal details to some small company in USA with whom I have no legal contract and which owes me nothing; a company which in the past has seen a staff member round (make public confidential matters) on his employer/CE (If that's what Jimbo can be called),another fired for having a criminal record and another for being an imposter makes me more than wary. I am happy to beleive the present staff are trustworthy, but my choice is not to put it to the test.  Giacomo  16:52, 22 November 2010 (UTC)

• Right, because none of those things could (or did) happen to the presumably much larger staff of your provider, who are under considerably less scrutiny than a public non-profit. Please do not attempt to camouflage your personal dislike of Jimmy or the foundation staff into a rational risk assessment; you are under considerably more risk from your provider currently than you would be by showing a piece of ID to someone at the foundation, and I have a hard time believing that you are not very well aware of that. — Coren ^(talk) 17:10, 22 November 2010 (UTC)

• What you have a hard time believing is neither here nor there or of any interest to anyone. If you, like Shell Kinney, have to resort to constant personal attack, perhaps you should not be an Arb. People keep asking why so few of the reputable editors want to volunteer and when the likes of you don't like the answer, you become angry and frankly, quite stupid in your responses. I have not said the present staff are utrustworthy, I have not said I don't like them (I don't know them) I merely point out that sending one's private details to complete strangers on the internet is unwise.  Giacomo  17:15, 22 November 2010 (UTC)

(od)I'm curious about the ID requirement too. From what I've seen of arbcom cases, it doesn't seem particularly helpful. (I seem to recall a brouhaha that lead to the id requirement but can't remember what it was.) I do think that Giano has a point though, about this requirement being a step that many editors would be unwilling to take, perhaps because of the possibility of information leaks. Though, IMO, the concern is less about lawsuits and more about the potential for misuse (perhaps by POV groups or groups with special interests). Without some clarity as to who has the information and how it is kept safe, I, personally, would not be willing to divulge my identity. (Not that I intend throwing in my hat - I don't consider myself as 'of stature' and definitely enjoy the quiet, uncomplicated life!) --RegentsPark (talk)

Further to RegentsPark's comments, I can remember one former UK Arb being threatend with attacks frm animal rights activists, at at time in the UK when they were digging up people's dead relations. Coren really has not a clue what he is talking about.  Giacomo  17:24, 22 November 2010 (UTC)

(edit conflict) People keep alluding to 'the incident' last year that prompted this identification requirement; for the benefit of those who weren't around at the time or not paying attention, this is what it was. Since not only is it still visible and undeleted on Wikipedia, but got Wikipedia dragged across the British newspapers, there doesn't seem to be any particular point in being coy about it. – iridescent 17:26, 22 November 2010 (UTC)

I don't know why it is still visible and undeleted since the individual concerned asked at the time for courtesy blanking. Sam Blacketer (talk) 12:44, 23 November 2010 (UTC)

Accountability and responsibility for one's actions. Cla68 (talk) 13:00, 23 November 2010 (UTC)

Re to RegentsPark, what did you find unclear about the statement at the top of this section? I was surprised that the foundation were handling things this way and in particular that all they are doing is checking someone is of legal age. But if the information isn't kept, merely the fact that it was checked, then the issue of how safely it is kept is almsot academic. ϢereSpielChequers 17:30, 22 November 2010 (UTC)

Well, I guess it would have been helpful to have seen that link above :) My apologies. The procedure appears adequate. A POV warrior would have to create a long standing mole to subvert that process. --RegentsPark (talk) 18:58, 22 November 2010 (UTC)

(edit conflict, to Iridescent) Well, that is one of the things (not the only thing) that may have prompted requiring all arbitrators to identify. (SB had avoided having to identify by never asking for checkuser or oversight.) However, there's a mismatch between this impetus for the requirement and how the requirement is actually implemented, since misuse of prior accounts is not actually something that the Office checks for when they receive the identification. And in event event, it could only be detected by identification even in theory when the prior account name was the user's real name. Newyorkbrad (talk) 17:33, 22 November 2010 (UTC)

Well I am bowing out of this now as I'm not standing, I have no wish to be "outed" and I'm sick of being attacked by ignorant thugs like Coren who misuse their Arb position to attack and ridicule when they feel threatened which seems to be all too often. I have raised this issue because I think all those standing should be aware of potential risks. I hope they are.  Giacomo  17:45, 22 November 2010 (UTC)

Yes, I note you skillfully misconstrued my comment on relative risk as an attack (and took the opportunity, as usual, to make a swipe at me yourself), but deftly evaded the substantive matter. — Coren ^(talk) 19:08, 22 November 2010 (UTC)

Oh make your mind up Coren and read what's written. It now seems it's nothing to do with age, but real identity. You need to decide, exactly why you want this information. Would an American foundation employee taking a quick look "yep, he looks and has a DOB over 18 - now I destroy the email" have spotted an obscure local London politician and remembered it ages later? The question is ridiculous. If that's why its wanted there is no way it is destroyed after a cursory glance. Make your mind up which song you are singing Coren. As per usual, I have you lying lot tied up in string and you can't decide which way to jump and which story to tell.  Giacomo  19:12, 22 November 2010 (UTC)

No, they would not. I'm not entirely sure where the meme that this particular incident would have been averted with identification came from — most certainly not from me. There is perhaps an expectation that someone who is up to no good would be less willing to provide it? I've never said anything other than this ID is required because of the access to private data, and that is base strictly on age. (Well, more strictly, it's based on majority, but clearly age is the way to demonstrate that). — Coren ^(talk) 19:45, 22 November 2010 (UTC)

• Coren, it is quite aparent that you don't have a clue what you are talking about. Best be quite and let others sort this out.  Giacomo  21:44, 22 November 2010 (UTC)

As one of the people stating concerns about this, I'd like to thank the WMF for this statement. Principally, it clears up the issue of why the ID is required. It is required solely to check age, and not in order to be able to hold the individual to personal account. This doesn't necessarily mean that I personally would be willing to "identify" (is that the right word for verifying ages?), but it gives exactly the type of information that people require when making the assessment of whether they are willing to do so. The WMF have now officially indicated that they don't hold this data on file, and that (even if you identify) a litigant would require to get checkuser data from the WMF, but would only be able to get your identity from your ISP - not fromthe WMF. Thanks to those who requested, and gave, this important clarification. I still have some concerns personally, but I don't have any more questions.--Scott Mac 19:19, 22 November 2010 (UTC)

• May I suggest a compromise? If an editor does not trust WMF, it should be more than sufficient for them to provide identification to any reputable law firm, and for that law firm to give WMF a letter stating that they have reviewed the identification papers and confirm the editor is of legal age in their jurisdiction. There is no need for any WMF employee to see any private papers. Lawyers are under a higher legal obligation than any WMF employee, and have better ability to resist attempts at privacy violation. Jehochman ^Talk 19:54, 22 November 2010 (UTC)

This has potential, but still needs some work. IANAL, but I would guess that the initial temptation of the lawyer would be to write, "Jane Doe presented herself to me and provided adequate identification to confirm she is of legal age." However, when Jane notes that the letter should not contain her name, there will be some question about how to write it. "Some person claimed she was of legal age, and I can confirm it" just doesn't cut it. Presumably, the lawyer needs to provide a linkage between the person and the user name, but we should explain how that should be done. "Some person presented identification, and then, in my presence, logged into the WP site as user:XYZ". Would that work?--SPhilbrickT 20:06, 22 November 2010 (UTC)

The English Wikipedia is not exempt from WMF policy, and it doesn't get to make up its own rules with respect to policies that apply to all projects. Take it up with the WMF Board of Trustees if you feel this is a critical issue, it is their resolution that dictates the terms here, not English Wikipedia. There is no compromise to be made without the Board's approval. Note that this isn't a policy coming from WMF staff, it is one approved by the WMF Board of Trustees, and it applies to every WMF project, not just English Wikipedia. Risker (talk) 20:11, 22 November 2010 (UTC)

I have emailed the relevant people already, and I think productive suggestions should be open for discussion. @Risker, please don't attempt to derail the discussion. @SPhilbrick, the lawyer can write "A person claiming to be editor Jehochman appeared before me and presented ID confirming that they are over 18 years of age and are a resident of the State of Connecticut." Should some horrible crime every be committed by this editor, WMF could ask The Law to contact the lawyer and discover the real life identity of Jehochman. Meanwhile, Jehochman is protected somewhat from any perceived risk of malfeasance or incompetence by WMF staff. Identity escrow provides value to both WMF and the editor. Jehochman ^Talk 20:17, 22 November 2010 (UTC)

Umm, Jehochman, I think it is *you* who is derailing the discussion. This is a WMF Board policy. Why do you think that English Wikipedia should be exempted from it? Risker (talk) 20:24, 22 November 2010 (UTC)

To be perfectly clear, there's an election on, and some new people would announce candidacies, I think, if ArbCom said they would take up this proposal with WMF as a possible resolution for those who are apprehensive about revealing their identities to WMF staff. Jehochman ^Talk 20:28, 22 November 2010 (UTC)

I think the English Wikipedia should tell the Board that the policy could be improved. Good ideas should be welcomed, not stifled. And please stop putting words in my mouth. It's the height of rudeness. Jehochman ^Talk 20:28, 22 November 2010 (UTC)

You're welcome to make those suggestions, Jehochman, but the place is somewhere other than this noticeboard. I suggest the talk page of the privacy policy at Meta, where you can discuss it with the broad range of Wikimedians who will be affected by your proposals. I've not put any words in your mouth, I have asked you a question. Risker (talk) 20:33, 22 November 2010 (UTC)

(2 x ec) My memory after the last kerfuffle is that people wanted ArbCom members to have identified themselves to the Foundation, not simply shown that they were over 18, because people wanted to be assured that at least someone knew who was being elected.

Showing ID to a lawyer would actually be more secure than faxing a copy to the Foundation, because copies can easily be changed. But the names have to be given to the Foundation too, and I'm actually a bit concerned to learn that they're not being retained. If an issue arises, how will the Foundation staffer remember all the names? My recollection is that the names were indeed being retained; I remember fairly recent discussions about how they were held in a filing cabinet only certain people had access to (or something like that). So when was this policy of destroying them introduced? SlimVirgin ^{talk|contribs} 20:37, 22 November 2010 (UTC)

Just to correct my recollection, I now see that I was told in 2009 that names weren't being retained; the significance of it just didn't register with me. It actually means that people being elected to ArbCom, CU, and oversight, aren't really identifying themselves, given that the two Foundation staffers being given the details may not remember them if problems arise. SlimVirgin ^{talk|contribs} 20:49, 22 November 2010 (UTC)

The last kerfuffle had little to do with identifying with the WMF and almost everything to do with an individual's decision not to disclose prior accounts. Even if the WMF had known his identity, and retained any documentation of it, that would not have flagged the issue of prior accounts or changed the outcome in any way. In fact, the Arbitration Committee members seated in January 2009 uniformly identified in accord with WMF policy, as did those seated in January 2010, enforcing the WMF policy because we receive and handle private information. Let's not conflate things here. Again, I suggest that if you do not agree with the manner in which the WMF Board policy is being applied, you take it up with the WMF Board. Personally, I'm pretty careful about checking retention policies for any private information I submit, and I am well aware that at the time I was submitting my data the WMF did not have the infrastructure to securely store that information. Whether they do now is another question. Risker (talk) 20:54, 22 November 2010 (UTC)

There are two separate issues. The first is the minimum due diligence required by the Foundation to determine that someone is over 18. Personally I don't see accepting faxed ID as sufficient, given how easy it would be to change a date of birth on a photocopy, but that's up to them.

The second issue, which I see as more important, is that the community expressed the view that ArbCom members should be known by their real names to someone in a position of responsibility. You're right that giving real names can't avoid all problems (Poetlister, for example, identified himself to the Foundation when he was given CU on another wiki with another account name), but the idea is that being required to hand over a real name might give the nominee pause for thought, in case they're up to no good.

But if the ID is not being retained by anyone, it makes the identification almost pointless, because staffers can't be expected to remember all the details. And if an issue ever arose of misrepresentation, where an ArbCom member is believed to be X, but turns out to be Y, no one will be able to prove he said he was X in the first place. So it raises the question of why we are bothering with ID. SlimVirgin ^{talk|contribs} 21:05, 22 November 2010 (UTC)

The issue here has always been lack of clarity, meaning that those identifying had little idea what there data is being used for. People do need to know why they are identifying, and what use or retention will apply to the data before they do so. It seems that the use is age-checking and the retention is none. Sarah, I can see where you are coming from, but it seems that there is no intention to "identify" anyone (another WMF misnomer), merely to age check. The point seems to be not the hope that some employee will remember, but the deliberate intention to forget. I think, on balance, that's welcome - but it does mean that individual functionaries are not really accountable in real life to the WMF for their use of data given to them. I'm not sure that the "is who he says he is" would apply here. If Essjay had disclosed to the Foundation that his real name was Ryan and he was 22, would the Foundation have disclosed that he'd misrepresented himself on Wiki? If I'm really a 60-year-old man called Fred from Manchester, and the 20 year-old single Essex-babe female who just got herself elected to arbcom, would identifying to the Foundation be of any use? The only that would work would be if the Foundation, having received identity, confirmed the traits claimed on-wiki. Again, I think the whole mess here is lack of clarity in what the process is (now clarified) and what the point is.--Scott Mac 21:24, 22 November 2010 (UTC)

I think from the community's perspective, the point of identifying yourself is so you can't claim to have two PhDs if your ID says you're only 22, and so ID stops the nominee either from making the false claim, or from standing for election. But if ID is (a) not being handled by someone very familiar with the English Wikipedia and its issues (and who is claiming what about themselves), and (b) is not being retained, then it's almost pointless. So again we have a situation where the community asked for something, was told it was getting it, but then we find out it's yes sort of, but not really. SlimVirgin ^{talk|contribs} 21:47, 22 November 2010 (UTC)

That makes sense. We don't want a Arbitrator who claims he's got a bunch of University degrees, only to find out later, it was a bunch of baloney. GoodDay (talk) 21:50, 22 November 2010 (UTC)

@SlimVirgin, I am not sure that the community ever asked for that. Indeed, until the clarification was given, I was not sure what the purpose of identification was, and for whose benefit. I was never under the impression it had anything whatsoever to do with the community.--Scott Mac 21:56, 22 November 2010 (UTC)

SlimVirgin, I'm not sure on what basis you came to the conclusion that what you've described is what was being done. The privacy policy and the Board resolution linked above don't say anything that you're implying. They specifically say that to have access to certain information, one must provide proof of identity and that one is over the age of 18 and of the age of majority. That's all the policy says. It doesn't say "we're going to verify everything you ever said about yourself" or "we're going to check that you don't have undisclosed alternate accounts" or "we're going to keep this information on file ad infinitum". The policies have been in place since 2007, and have been revamped since then, with widespread commentary from the broad wikimedian community. I certainly didn't consider putting myself in a position to be submitting my private data until I knew exactly what would be required and what would be done with it. Risker (talk) 21:59, 22 November 2010 (UTC)

(ec) I'd hate to have to look for the diffs, but after one of the incidents where someone turned out not to be what he said he was, there was community discussion about the need for ArbCom members to identify themselves, so that their names were known, and not only to check that they were over 18. SlimVirgin ^{talk|contribs} 22:01, 22 November 2010 (UTC)

There may have been some discussion, but I can see no such undertaking being given by the WMF - so I don't think you can blame them for not delivering what you wanted them to. In any case, were they to comment that the person identifying is 21 and too young to have the three PhDs claimed, they'd be in breach of their own disclosure policy.--Scott Mac 22:05, 22 November 2010 (UTC)

Well, it wouldn't do much good to have WMF as the intermediary there, it would have to come to the community, because decisions on who is on Arbcom are strictly within the scope of the project and not within the scope of the WMF. Further, if the information was provided to the WMF in confidence, they would not be permitted to share it with the community. The 22 year old with the PhDs would still not be known to the community if the information was solely provided to the WMF. So...essentially, what you are proposing is that all arbitrators must publicly link themselves to their real-world identities. Now, I don't think that is a completely off-the-wall proposal - you certainly wouldn't be the first to make it - but it has nothing to do with the purpose of providing proof of identity and age to the WMF due to access to private information. Risker (talk) 22:08, 22 November 2010 (UTC)

They would be allowed to share it if someone were committing a fraud. SlimVirgin ^{talk|contribs} 22:13, 22 November 2010 (UTC)

If someone is "committing fraud", that gives the WMF reason to not provide them access to privacy-related material. Absent agreement of the person submitting the information, it does not give them permission to share the data. That also supposes that WMF staff would be responsible for knowing all the factors of someone's Wikipedia persona, both current and historical. Risker (talk) 22:28, 22 November 2010 (UTC)

The privacy policy gives people the right to release personal information "[w]hen necessary for investigation of abuse complaints," and "[w]here it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public." Where someone has been elected to ArbCom on the basis of his contributions to physics articles in his capacity as a nuclear physicist, but it turns out that he's the owner of a pizza parlour and all his edits are suspect, a strong case could be made for releasing information about him to the community, at least enough to clear up the discrepancy. SlimVirgin ^{talk|contribs} 22:35, 22 November 2010 (UTC)

And why would the WMF know on what basis people are elected to the Arbitration Committee? Particularly given the fact that, at the community's decision, voting is via SecurePoll, they have no basis on which to judge this. The WMF of 2010 is not the WMF of 2007, and the English Wikipedia community itself has undergone some pretty significant change. Some of it is for the better, but it's pretty clear from the messages I have received in recent days that the degree of suspicion cast upon arbitrators, Arbcom candidates, and even WMF staff is playing a significant role in keeping more good candidates from putting their name forward. Risker (talk) 22:50, 22 November 2010 (UTC)

It's not a question of suspicion, just professionalism and good governance, which I've seen you argue for elsewhere. AGF has to have its limits. People were recently astonished that plagiarism could get on the front page. But we have an FA system where the source-text relationship is rarely checked, and where nominees aren't even required to have the offline sources to hand during the FAC process so reviewers can ask questions about them (and attempts to require it have been roundly rejected). So the system allows plagiarism to appear, which means we can't reasonably be surprised when it happens.

Similarly, people are always up in arms when an ArbCom member turns out not to be quite what they said, even though the system clearly lends itself to it. So all I'm doing here is arguing for a bit of extra professionalism, not much. Just that, if we're going to require IDs, let's at least spend some money on a secure system for retaining them. Or let's not bother. But the halfway house isn't necessarily better than not checking at all. SlimVirgin ^{talk|contribs} 23:06, 22 November 2010 (UTC)

Well, based on this thread alone, there's certainly no consensus for your position. Giano up there is arguing that any identification is an unnecessary intrusion, Scott Mac is saying he's fine with it, Jehochman wants people to have the option to to go pay a lawyer a few hundred quid to confirm that they are who they say they are if they do not want to identify to the WMF, you want the WMF to take responsibility for not just accepting identification information but verifying that people are exactly who they say they are both on- and off-wiki. And that's before we even involve the rest of the Wikimedia community, who would be affected by any change, or the WMF Board of Trustees who would need to reconsider the policy and pay for the program. Risker (talk) 23:13, 22 November 2010 (UTC) Modified after Jehochman indicated that he felt I was misstating his position. Risker (talk) 00:11, 23 November 2010 (UTC)

I do see some consensus. Several of us seem to be arguing that taking ID is undesirable (e.g. Giano), or that taking it is pointless because the Foundation cares only about age (Jehochman), or that taking it is good, but we're not doing it properly, so we probably shouldn't bother with the current system (e.g. me). SlimVirgin ^{talk|contribs} 23:17, 22 November 2010 (UTC)

That's a very strange interpretation of consensus. Am I reading you right, that you've interpreted this to say "we all think what's being done is a bad idea so we should stop doing it?" I suppose that there's consensus amongst the three of you on that. But since you are widely divergent on next steps, (stop doing it, do it in a way that disenfranchises people financially, do it in a way that puts a person's entire life on the line for the pleasure of banning badly behaved users on a website), I don't think you're really all that close. Risker (talk) 23:25, 22 November 2010 (UTC)

How would anyone be disenfranchised by Jehochman's suggestion? It would be an option not a requirement, and it's a great deal more secure showing real ID to a lawyer, than a faxed photocopy to a Foundation staffer who won't remember it. SlimVirgin ^{talk|contribs} 23:27, 22 November 2010 (UTC)

(ec) The current election criteria include that ArbCom members must be "be willing and able to identify to the Wikimedia Foundation before taking their seat." There is a footnote next to that requirement, which leads to the Foundation policy. This says: "Any volunteer who is chosen by any community process to be granted access rights to restricted data shall not be granted that access until that volunteer has satisfactorily identified himself or herself to the Foundation, which may include proof that such user is at least 18 ..." (my bold).

There is nothing here to suggest that the age is the only concern, and nothing to suggest that the data is not retained in any way. So I would say we are misleading the community into believing that IDs are given, minimally checked, and retained, which is what I would say "identify himself" means in ordinary English. SlimVirgin ^{talk|contribs} 22:10, 22 November 2010 (UTC)

What would make you say that? A while back I went to a concert in Atlanta, and I had to identify. That constituted showing my passport to an officer for 10 seconds. When picking up tickets for a play, I have to identify. They forget who I am as soon as I walk away from the box office. When I get on a flight, I have my passport checked half a dozen times, am screened at least twice, and there are probably miles of security video that shows my face. Those are all ways to identify. The community has never been misled. Some members of the community have chosen to interpret things their own way without verifying that their interpretation is correct. Risker (talk) 22:17, 22 November 2010 (UTC)

Your name is retained in all these examples, particularly where you're buying tickets for a play or flying. But where you're dealing with elected representatives, and the community electing them has asked for ID, I'd be surprised if people realized the IDs were faxed to two employees who immediately destroyed them, so that, in the event of a problem arising, the name of the representative is no longer available, and probably won't even be remembered. There's unlikely to be any other election anywhere in the world for any position of responsibility that is run that way. SlimVirgin ^{talk|contribs} 22:40, 22 November 2010 (UTC)

Actually, only in the case of the flight is my name retained. The tickets are usually purchased with someone else's card, and box office instructions phoned in at the last minute because "someone else" is notoriously late. :-) And seriously...I think you're placing a lot more importance on the role than is appropriate. There is a saying about "the smaller the stakes, the meaner the spirit", and I think it might possibly apply here. We have absolutely no fiscal control, and the biggest restriction that we can apply is banning someone from a website. If you'd like to put forward a proposal that private information about those who identify to the WMF be retained by the WMF, please head over to Meta to make that proposal and discuss it with the Wikimedian community; your proposal affects all of them as much as it affects the users on this project. The WMF Board and staff have to deal with all of the communities, not just ours, and they set overall policy in this regard. One project cannot demand that the WMF put in place the security measures that would be required in order to keep that information safe. And please bear in mind that others disagree entirely with any expectation that people identify to the WMF even to the current small extent. This isn't the place for that discussion. Risker (talk) 23:00, 22 November 2010 (UTC)

It doesn't have to be the Foundation that checks IDs. If they're not willing to do it for legal reasons, the English Wikipedia could set up its own system. I doubt they would want to (for the same legal reasons), but it's a discussion worth having. To what extent we want to know who we're voting for is a legitimate question. SlimVirgin ^{talk|contribs} 23:11, 22 November 2010 (UTC)

And how, exactly, would we select the people who would be trusted enough to receive the private information of Arbcom, CU and OS candidates? Do you see the circularity of your argument? Risker (talk) 23:17, 22 November 2010 (UTC)

I don't see any circularity. We can just as easily assign that responsibility to someone, as can the Foundation. I don't think we would want to, because there are legal implications for the person retaining the data, but there would be no reason for it to be a more precarious system than the current one. SlimVirgin ^{talk|contribs} 23:30, 22 November 2010 (UTC)

Really? And how would we decide who to assign that responsibility to? An election? At which they would have to promise to...ummm...obtain and retain their own private information confirming their identity? And how exactly would we be assured that the data was retained in a secure and confidential manner? Or that the person wouldn't wander off on a wikibreak, never to be seen again? Thanks, but I'm more likely to be sending it to the WMF, where at least the current employees have all now gone through background checks. Risker (talk) 23:39, 22 November 2010 (UTC)

@I'm afraid I'm with Risker. I'm not about to disclose my identity to the WMF, but there's no way in hell I'd disclose it to some unemployed Wikipedian who'd be under no contract of employment to anyone.--Scott Mac 23:42, 22 November 2010 (UTC)

The current system relies entirely on trust at every level, so it's pointless, just so long as we realize that. We have to trust the nominee to use his real ID, and not a mate's. We have to trust him not to fiddle with the photocopy. And then if we later find out he misrepresented himself, there's no possible legal comeback (not even in theory), because no one can prove he said he was the wrong person in the first place, because the ID he supplied is not retained. So as with so much of Wikipedia, we have a system in place that bears no scrutiny. I don't think the community is aware of that, though I could be wrong, so the sensible thing to do after this election is open up a wiki-wide discussion to find out what consensus is in time for next year, and whether there's any system we can put in place that's reasonable and sustainable. SlimVirgin ^{talk|contribs} 00:09, 23 November 2010 (UTC)

I agree with Slim. The current system isn't providing security at all. It's just theater. For real security somebody trustworthy needs to look at an original ID, and store a copy in case the subject ever does something seriously wrong. ("Somebody" could be a WMF employee, a designated volunteer who's already trusted, or a licensed attorney as a last resort.) I'd prefer real security, but if we can't do that, then we ought not inconvenience people with security theater. Jimmy privately told me that if somebody doesn't trust WMF, why should he and WMF trust them? That's a good argument: trust is a two way street. Either trust WMF to keep a copy of your identity, or don't volunteer for a position of high trust. Jehochman ^Talk 14:44, 23 November 2010 (UTC)

I'm afraid it is all this "Jimbo has told me privately" that creates an atmosphere of mistrust. Wikipedia is no longer Jimbo's private feifedom. Neither has a series of less than desirable people working close to Jimbo aided the system. ID-ing is not necessary unless one wants CU and OS rights. The foubdation has no right to demand ID from volunteers.  Giacomo  15:48, 23 November 2010 (UTC)

I have a business interest in Internet security and identity on the web. As a result I exchange email with lots of people on these topics. When somebody says something interesting to me and I want to share it, I can hardly do so without crediting the original source. There's no need for mistrust on this minutia. As for wanting to serve on ArbCom and eschewing CU/OS and the mailing list, those all seem like reasonable ideas. Many disputes can be resolved with publicly available info, and you could always recuse from those disputes that can't. There's more than enough work to go around. Jehochman ^Talk 16:23, 23 November 2010 (UTC)

As far as I remember it was 'the incident' that made the community (not the WMF!) require identification of arbs, and if anything 'the incident' created this whole sock paranoia, or 'atmosphere of mistrust' as you call it. Also interesting (to me) that you managed to distort Jehochman post into 'It's Jimbo's fault'. Amalthea 17:02, 23 November 2010 (UTC)

Anything wrong with Wikipedia is Jimbo's fault, because he started the damn thing. Jehochman ^Talk 17:24, 23 November 2010 (UTC)

Are we going for the World's Longest Thread record?

The angels just phoned, and said they want their pinhead back. Since Jimmy Wales is not going to change his policies in the 23 hours before nominations close, isn't there something everyone else could be doing, and come back to sort this issue out further down the line when the time pressure is off? – iridescent 23:54, 22 November 2010 (UTC)

Close it down, as only the arbitrator candidates are effected by what's being discussed. GoodDay (talk) 23:58, 22 November 2010 (UTC)

Actually, the previous discussion has solicited a clarification statement from the WMF - that's information that people thinking of nominating themselves may find useful. I suggest if you don't find this discussion useful, then you don't have to read it.--Scott Mac 00:20, 23 November 2010 (UTC)

Already have decided that. GoodDay (talk) 00:22, 23 November 2010 (UTC)

Are we going for the World's Most Hackneyed Joke record?

How about we close the thread when nominations close – which, as has been so astutely pointed out, is not very long away? Or, better still, how about we not stifle a perfectly valid discussion and let it rattle on as long as necessary? It's not causing any damage. ╟─TreasuryTag►quaestor─╢ 23:59, 22 November 2010 (UTC)

Are we going in circles again?

What is the point of this thread? The Foundation won't change their identification requirements that easily. A certain few people are now just arguing for the sake of arguing. Let's go back to writing articles and watching the election. It's the WMF's call, so this mile long thread doesn't really establish anything (except that some users really like proving that they are "right" and some others just love causing drama). /ƒETCHCOMMS/ 01:25, 23 November 2010 (UTC)

It seems to me that the announcement that ID material is discarded once someone checks its age statement is not consistent with the WMF policy linked.

Wikimedia's offices are in California, which has an anti-SLAPP statute that has shown some effectiveness against bogus litigation in the past. IANAL but if the location of the office can bring nutcase lawsuits into California jurisdiction, that might give some remedies to arbitrators and others who are concerned about getting caught up in such things.

SlimVirgin - Jehochman's suggestion of having candidates hire attorneys as intermediares to the WMF is financially disenfranchising to the candidates unless WMF pays the legal fees.

Giano's newfound privacy activism might be better directed at recent efforts to increase the obnoxiousness of the EU Data Retention Directive. Giano IMHO is unlikely to be able to keep his anonymity against a determined investigator even in the current regulatory regime, much less the proposed brave new one. 69.111.192.233 (talk) 02:19, 23 November 2010 (UTC)

Other projects?

Does anyone happen to know if the Committees on other projects are required to identify? — NGQ Jon 02:40, 23 November 2010 (UTC)

See the first paragraph of [5]. 69.111.192.233 (talk) 05:40, 23 November 2010 (UTC)

I do appreciate that link. However, it doesn't fully answer my original question. Does the privacy policy really mean that every person who arbitrates must submit documents? Do the German arbitrators, for instance, submit documents to WMF? Did the WMF board really have in mind arbitrators when they passed the privacy policy? Has the WMF Board publicly stated that they consider that the privacy policy applies to the Committee, rather than only to the technical CU/OS positions?

Taken together, these questions are meant to lead toward the underlying question: If an individual was elected to the English Committee, but refused to submit identifying documents, who would stop them from voting on Committee affairs? If they did not want CU/OS, and did not wish to oversee those functions, but only wanted to act as an arbitrator on user disputes, would the WMF Board or staff really step in to prevent the English community from having them do the work of an arbitrator?

Indeed, my understanding is that some arbitration Committees have no involvement at all with CU/OS appointment or oversight. Some present arbitrators above make statements indicating that identification is a WMF mandate that they are powerless to combat. However, if an arbitrator was to decide to refuse involvement in the CU/OS matters (limiting his remit solely to arbitrating), would the WMF Board or its designees really stop such an elected arbitrator from arbitrating? Respectfully, — NGQ Jon 06:28, 23 November 2010 (UTC)

I would expect that dewiki has something like enwiki's arbcom-l mailing list. I would hope that the contents of any such list would be subject to the privacy policy, and therefore arbs couldn't be added to the list without satisfying the ID requirement. I would expect someone not on the list couldn't serve effectively as an arb. So my inference is that dewiki arbs have to provide ID, and similarly for enwiki arbs who don't have CU/OS bits. That is pretty simple logic. On the other hand, Wikipedia is not always logical, so who knows. 69.111.192.233 (talk) 08:23, 23 November 2010 (UTC)

At dewiki, arbs do NOT have to identify themselves because they don't have access to private data as defined by the privacy policy. Non-admins who are voted into de-arbcom get the admin bit so that they can read deleted versions, but that's it. However, the role of the de-arbcom is quite different from enwiki's, and so is the general power structure of the projects. For example, the community of dewiki decided almost unanimously that no user can hold more than one special function (Bureaucrat, CU, OS, ArbCom) at the same time. @69.111.192.233: Foundation-hosted mailing lists are not covered by the privacy policy, see here (second paragraph). --Tinz (talk) 12:41, 23 November 2010 (UTC)

Indeed, that is what I thought. We now have an individual running who says he will refuse to identify. The chances of this particular individual being elected are rather slight. As a matter of principle though, such a person must be seated if they win. To do otherwise would be to apply the Board directive in a way it was never intended to be taken. — NGQ Jon 01:40, 24 November 2010 (UTC)

(edit conflict) Tinz, thanks for the clarification about de-arbcom. Obviously at least some WMF-hosted mailing lists are not subject to the privacy policy; for example, enwiki-l is a public list. But arbcom-l (from what I understand)_ regularly discusses CU and OS data which is under the privacy policy, so it follows that the list contents itself is (or at least should be) under the policy.

The idea of Jehochman and others that someone might usefully serve on arbcom without CU/OS and without access to the mailing list is just weird. Why would anyone even want to do that? SirFozzie and others have explained that most of arbcom's work takes place behind the scenes. If all you want to do is help sort disputes between users, you don't need to be on arbcom for that. You don't even need a user account. There was a time when only Arbcom and Jimbo could impose binding resolutions enforcable by admin action, but that shifted several years ago, so now such things are handled routinely by regular admins at ANI (e.g. ANI discussions leading to someone getting a topic ban or the like). The only things arbcom can really do that regular admins can't are 1) desysop admins and 2) use confidential processes and info while performing DR. Confidential processes includes private deliberation with other arbs, which is a regular and accepted part of every case in the arb process as we currently know it. It is analogous to jury deliberation and is part of the reason arbitration is accepted (by some) as the "last stop" in WP DR. (OK, I suppose you could run as a radical transparentist saying arb deliberation should all take place in public, but none of those whining about the ID issue in this thread seem to be taking such a stance right now. Maybe I shouldn't give them ideas. Of course anyone who takes that stance after supporting secret-ballot arb elections will have a credibility problem to manage).

If you're going to opt out of seeing confidential info, that perhaps leaves some cases so clear-cut that private deliberation is obviously useless, but in today's DR environment those cases are usually resolved way below arbcom. The one exception could be ultra-clear-cut cases where the remedy involves desysopping. And only users addicted to troublemaking would consider running for arbcom just for that. Such users exist, of course, but I'd hope they'd never be elected as arbs. In short, opting out of arbcom-l is not a serious possibility for anyone hoping to serve usefully as an arbitrator. 69.111.192.233 (talk) 02:08, 24 November 2010 (UTC)

Age checking vs. accountability

Philippe Beaudette and others have written that ID sent by arbs to the WMF is used strictly for checking their age, then destroyed. This seems to me to be in conflict with WMF's Access to nonpublic data policy which says:

"The intent of this policy is to ensure that volunteers who have access to nonpublic data covered by the Wikimedia Foundation privacy policy are personally and legally accountable."

That seems to go further than age checking. In the above discussion we never resolved that difference. So which is it?

I was particularly surprised to hear that the WMF doesn't retain the ID info that it receives. I remember a time when (iirc, can't find the diff) Karmafist got caught running a sock that looked to be heading towards adminship. Karmafist said something like "don't worry, within a few years I plan for my socks to occupy at least three or four arbcom seats". Of course (I hope) he was joking, but it amuses me that WMF's practice of throwing away ID info after checking it would let this through.

69.111.192.233 (talk) 04:49, 24 November 2010 (UTC)

That's a question that is more properly discussed at Meta rather than here, as it applies to how they address the information from *all* projects. I'm pretty sure that Karmafist never really stood a chance of doing that; almost all arbitrators, and a goodly number of the current candidates, have appeared in public at Wikipedia-related events, so most of us are identifiable to some extent or another. I'm pretty sure nobody's going to confuse me with, say, John Vandenberg or Kirill Lokshin. Risker (talk) 05:08, 24 November 2010 (UTC)

Well, Philippe did put that statement here on enwiki, which has a boldface link under it that says "Discuss this". I clicked the link and it brought me here. I appreciated the nice pictures of you and Kirill,[6] since it indicates that there are at least two distinct people occupying the 15 or so arbcom seats ;-). 69.111.192.233 (talk) 06:01, 24 November 2010 (UTC)

• Comment by FT2 Skipping the wall of text, this procedure doesn't make sense as it stands. Before commenting further can someone explain exactly and authoritatively, the following:

1. What is the intended purpose of
    (a)  obtaining identification,
    (b)  confirmation of age, of a user proposed to handle non-public data?
2. The access to nonpublic data policy states that its intended purpose is "to ensure that volunteers who have access to nonpublic data covered by the Wikimedia Foundation privacy policy are personally and legally accountable".
    (a)  is that statement factually correct?
    (b)  if so how is that goal currently being accomplished in light of (and compatible with) destruction of identification data?
3. Under what circumstances would the age or identification of a user with such access be relevant to WMF or the project (ie, more than an editor who does not handle non-public data)?

A formal clarification of these would help inform the discussion. Thanks. FT2 ^{(Talk | email)} 06:34, 25 November 2010 (UTC)

I think Risker is basically right that this is not in enwiki jurisdiction and it's better to ask on meta or on a mailing list. 69.111.192.233 (talk) 07:04, 25 November 2010 (UTC)

Identification information page

I saw the large mess above and couldn't find any project-space page explaining the identification process, so I wrote one at Wikipedia:Identification. --MZMcBride (talk) 04:01, 27 November 2010 (UTC)

Maybe move that information to meta and replace the page with a soft redirect? NW (Talk) 04:23, 27 November 2010 (UTC)

Well, I think explaining local procedures/practices has value. Some of the additional information should probably be incorporated into the header of the m:Identification noticeboard, though. --MZMcBride (talk) 04:25, 27 November 2010 (UTC)

Appeal to BASC: Spartan

Announcement

Resignation of Steve Smith

Announcement

'I thought it preferable to the alternative' - I wish to read creative guesstimates as to what Steve meant. Steve is welcome to join the game, although he'll probably leave half way through... ;-)

• I thought it preferable to the alternative of heading down to a Denver shooting range with my twin.too soon?
• I thought it preferable to the alternative of selling out and working for Facebook
• I thought it preferable to the alternative of being denied intercourse for a further 12 months.

The option 'I thought it preferable to the alternative of not really being around enough to commit fully to the efforts the role deserves' is boring, and should not be mentioned. Oh, and good luck Steve :-) Privatemusings (talk) 05:42, 25 November 2010 (UTC)

Sincere thanks for your service Steve; you were one of the good ones. Now back to WP:FAC, no timewasting ;) Skomorokh 05:49, 25 November 2010 (UTC)

• I wish Steve much happiness and success in the future, and will miss his fine sense of humour as well as his insight. All the best to him. Risker (talk) 06:16, 25 November 2010 (UTC)
• That time of year. Anyway, thanks from me, too. It's a tough job, as too few grok. Cheers, Jack Merridew 06:28, 25 November 2010 (UTC)

• Thanks, Steve. It was a pleasure working with you. SirFozzie (talk) 16:21, 25 November 2010 (UTC)
• Sorry to see you go! --Elonka 21:48, 29 November 2010 (UTC)

Review of security

Announcement

What does this relate to? ╟─TreasuryTag►stannator─╢ 18:42, 9 December 2010 (UTC)

Wikipedia talk:Arbitration Committee#Official Comment required. NW (Talk) 19:07, 9 December 2010 (UTC)

• Pages were "deleted as unnecessary, redundant, or obsolete". Hm, could some of those last three terms be "unnecessary, redundant, or obsolete"?--Scott Mac 18:44, 9 December 2010 (UTC)

• Might I ask why SirFozzie and KnightLago did not vote on this (FayssalF presumably did not vote because of inactivity)? KnightLago's recent contributions, at the very least, show him commenting on this issue. NW (Talk) 19:06, 9 December 2010 (UTC)
  • Probably just not caught up with their email yet, I suspect: "not voting" doesn't mean "abstain". We usually post once there's a super-majority supporting and latecomers can modify the page to cast their vote later.  Roger ^talk 19:12, 9 December 2010 (UTC)
    • Correct. The discussion firmed around this statement in the last few days, in a time period I was mostly away from Wikipedia. I support the statement. SirFozzie (talk) 20:11, 9 December 2010 (UTC)
      • Ditto, I supported and support. KnightLago (talk) 23:03, 10 December 2010 (UTC)

This 'Review ' is not impressive: 'A banned user attempted to gain access ... there is no evidence that any materials were successfully retrieved'. But is there evidence they logged in or evidence they didn't login? I get the idea they could of logged in but your not aware of it yet. Wiki security is like something out of back to the future.

Suggest the following requirements are given to the technical team asap:

• Anyone logging into the arbitration wiki site are logged in a file with the IP and username. That login information is made easily viewable for a period of around 72 hours to other ARB members in some form when they are logged in. This will enable all Arb members to see if there has been a login security breach.
• Double login is done. Normally this is via Apache htaccess or equivalent. This is standard practice on most forums and sites on the net.
• Login is done to a none public URL known only to the few that use it i.e https://secure.wikimedia.org/wiki/some/random/place/1234/speciallogin. Making the url obscure reduces the changes of anyone unauthorized attempting to login.

Regards, SunCreator ^(talk) 19:49, 9 December 2010 (UTC)

Do you have any information that such steps are not already taken?  Frank  |  talk  20:32, 9 December 2010 (UTC)

I'm not too happy about "The Committee notes that it would have been significantly more appropriate for concerns about any security flaws to have been brought to our attention privately for remedy rather than pointing them out prominently on-wiki and potentially bringing them to the attention of thousands of people." Sunlight is the best disinfectant. The lack of imagination which allowed the flaws to continue for so long needs pointing out publicly. DuncanHill (talk) 23:48, 9 December 2010 (UTC)

What he said. I find it distasteful in the extreme that ArbCom would say that we should hide things; that sort of information needs to be publicly known, both because of the data which ArbCom has access to and on the general principle that known security flaws are rapidly fixed security flaws. → ROUX ₪ 23:54, 9 December 2010 (UTC)

Well get used to it! Wikipedia is about to enter a new dark age, you've seen the last of openness for a very long time. I would alao love to know how Shell Kinny and NYB come to be voting on this, in the top secret and sinister emails sent to me last week from Knight Largo I was assured she and the other candidates were excluded from the the enquiry. One cannot beleive a single word these people say. Would you like me to publish the emails here?  Giacomo  23:58, 9 December 2010 (UTC)

Well, there are ways and ways. If you find a security weakness that concerns you and you want it fixed, point it out quietly to those maintaining it and let them fix it. Don't post the weakness publicly (see WP:BEANS). If you find a security weakness that concern you, and you want to cause maximum drama, then adopt the opposite policy.--Scott Mac 00:03, 10 December 2010 (UTC)

If you want to hear lies and cover up on wiki do things quietly.  Giacomo  00:05, 10 December 2010 (UTC)

For once I find myself agreeing with Scott. If you find a security vulnerability, inform privately the people responsible for it, let them fix it, and, once it is fixed, feel free to make all the noise you want. That's just common sense. If you find a security loophole in Windows (or Mac OS X, or whatever), it is not a good idea to announce it to the world while Microsoft (or Apple) work on a fix because unscrupulous people would have abused god-knows-how-many computers in the mean time. You let them fix it first, then you can talk about it all you want. T. Canens (talk) 00:54, 10 December 2010 (UTC)

Absolutely. What you're describing is called responsible disclosure. Jclemens (talk) 01:09, 10 December 2010 (UTC)

From Kinight largo to Giano: "I am writing on behalf of the Arbitration Committee regarding the recent unauthorized access to the private Arbitration Committee wiki. Those Arbitrators running for election are not privy to this email or the discussion concerning this matter as it is being discussed on our "B" mailing list. Please either respond to the "B" mailing list CC'd on this email or to me directly." Isn't that amzing, yet they managed to vote on it!  Giacomo  00:08, 10 December 2010 (UTC)

Access to the secondary list, and its archives, was restored when the voting closed and nothing could affect the results anymore. The final wording of the motion was put for voting (on the main list, even) after that. The point of using the secondary list was to prevent any influence on the election since you were also a candidate, not because candidates suddenly became incapable of voting rationally on an issue of security. — Coren ^(talk) 00:18, 10 December 2010 (UTC)

• Of course it was.  Giacomo  00:20, 10 December 2010 (UTC)

Oh yeah, I just love this "There is no evidence that GiacomoReturned successfully retrieved any materials from the wiki." maliciously implying I "tried unsuccesfully" well next time the arbs are too stupid to spot there own gaping holes in security, I will just let then stay wide open.  Giacomo  00:27, 10 December 2010 (UTC)

Oh, stop it with the grandstanding already! Thank you for making us take a second look at our security, so that we could notice an entirely different and unrelated problem than that which you imagined existed during the exercise. You are not a savior, you simply attempted to posture during an election. You pretend much, imply a great deal, but it's all so much smoke. You are carefree with throwing "lie" and "liar" around but, in the end, the grapes are only sour in your own imagination. — Coren ^(talk) 00:33, 10 December 2010 (UTC)

Just a moment - this is a very important; Do you have evidence that GiacomoReturned attempted to retrieve material or otherwise gain access to the wiki? If you have such evidence, why is GR posting here? Such acts of deliberate hacking must surely be countered with a sanction! If you have no evidence, then I strongly suggest that you reword that announcement to reflect that you found no evidence contrary to to GiacomoReturned noting he did not and was not attempting to access the wiki. I do not think the Arbitration Committee needs to be found to be apparently casting aspersions upon another contributor, especially since it is they who discovered and announced possible security breaches. I am not impressed, either, by the tone of the response. If you do not enjoy being made to look incompetent, try not to repeat the mistake in acknowledging the lapse. LessHeard vanU (talk) 13:53, 10 December 2010 (UTC)

Of course we have evidence that Giano tried to access the wiki; the system logs quite clearly show him attempting to log in using several arbitrators' accounts, some repeatedly.

Now, we don't have any evidence that Giano successfully gained access to the wiki using any of the accounts in question, or that his attempts to do so were directly related to the ones made by a certain banned user around the same time; and that's why we have not imposed any sanctions in the matter. We are, in other words, choosing to assume good faith regarding Giano's motives and treat the incident as an investigation of potential security weaknesses gone awry. If you know of any reasons why we should consider it in a different light, please let us know privately. Kirill ^{[talk] [prof]} 14:17, 10 December 2010 (UTC)

and how do you know it? because I told you - plastering it on the Arbcom Page! Using the password "123456789" - that's your's is it? repeatedly yes, i could not beleive the names I was seeing as account holders! Shame you did not see them first!Do you even know all the names? Did your bloody enquiry even look at that? looking at all those names, no wonder Jimbo was so angry with me last week.  Giacomo  14:22, 10 December 2010 (UTC)

Considering that some of the accounts you tried repeatedly belong to a current arbitrator, I'm not sure why you would be so surprised; but that's neither here nor there. Personally, I don't believe that you had any nefarious motives in doing what you did—as I said above, I think you were trying to investigate a potential security weakness, and may have been a bit overly enthusiastic in trying different things—but, given the timing of your actions relative to those taken by other users, it was necessary for us to investigate the matter, if only to clear you of any wrongdoing. Kirill ^{[talk] [prof]} 14:26, 10 December 2010 (UTC)

I don't want to be "cleared" by you, I would not trust you and your colleagues to run a piss up in a brewerey!  Giacomo  14:40, 10 December 2010 (UTC)

You do know how to test for false positives, don't you? When determining the properties of an unknown you test the properties of a known - thus you test how a security function reacts to an attempt by an approved party, and see if there is a different reaction to that to a party that should not be approved. In this case, some former arbs got the same response as current arbs (that the password was not recognised while the username was) and others different - that the username was not recognised. I did the same test, but only with ex arbs account names, and got the same results as Giacomo. I did not think to also test the response for accounts of current arbs, but Giano did. However, I am smart enough to recognise a simple false positive test - which talent seems to be absent within the Committee. LessHeard vanU (talk) 21:06, 10 December 2010 (UTC)

Oh posture during an election - is it? I have another word for the activities of the last week, but I don't think now is quite the right time to dish it up. You need to put ypur house in order.  Giacomo  00:36, 10 December 2010 (UTC)

Oh, and on a substantive matter, how else than "tried unsuccessfully to retrieve material from the wiki" would you describe trying username and password combinations, and constructing URLs to hypothetical pages to see if/what you can get from them? — Coren ^(talk) 00:46, 10 December 2010 (UTC)

I dunno about Giano, but "attempted felony computer trespass" comes to mind... Seriously, Giano, that's no different than seeing a Kwikset lock on an important door, and attempting to pick it ostensibly so you can crow about the poor security. It's still attempting to commit a crime, no matter what your motive, unless you have preexisting permission to do so. Jclemens (talk) 01:02, 10 December 2010 (UTC)

Don't we have a policy against calling people criminals? BLP maybe? Or NPA? Or don't they apply when you want to libel Giano? DuncanHill (talk) 01:13, 10 December 2010 (UTC)

No, they clearly don't apply. This is a bloody good start for a new Arb and it does not bode well!  Giacomo  12:22, 10 December 2010 (UTC)

I have no knowledge of what he did or did not do. He described a scenario, which may have been true or hyperbole, and I explained my understanding of the legal consequneces, including another scenario to illustrate the point. I'm neither a lawyer nor a law enforcement officer. I entirely agree it would be inappropriate to accuse Giano of a crime, but likewise it is inappropriate to excuse or minimize the severity of attempting to bypass a username/password challenge to gain access to a computer. WP:SPADE applies. Jclemens (talk) 02:04, 10 December 2010 (UTC)

One of the more disruptive essays littering wikipedia, far too often used, as here, to excuse a poor choice of language. One of the reasons WP:CIVIL is pretty much a dead letter is the repeated use (or at least tacit approval) of personal attacks and BLP vios by various admins, arbs, and sole-co-founders. DuncanHill (talk) 02:26, 10 December 2010 (UTC)

Let's try to deescalate this discussion significantly and promptly. The point being made in this paragraph of the committee statement is that if there had been a very serious gap in the arbwiki security as was originally suggested, publicizing this fact would have allowed malicious persons to access confidential data on the arbwiki before we had an opportunity to work with developers to identify and correct those gaps. It was entirely appropriate for Giano to inform us that a security problem appeared to exist (and indeed, his post did lead us to identify the deficiences we have noted and to address them), and his doing so served a valuable purpose that is appreciated. Our concern is that posting as much detail about the security issues as he did on-wiki could have allowed other persons than Giano—including banned users and other persons hostile to Wikipedia or some of its contributors—to obtain access to the information as well, utilizing the bugs in whose general direction he was pointing. This is what we are suggesting should be avoided if any data security issues—hopefully not involving the Arbitration Committee next time—are identified in the future. Newyorkbrad (talk) 01:10, 10 December 2010 (UTC)

Rubbish! you have tried to shoot the messenger for reporting in public. God knows what you would have done if I had been stupid enought to tell you in private. In the intersts of self-preservation, I advise all to keep all dealings with the arbcom as public as possible, and as for JC Clemens veiled legal threats, well we all know how wikipedia treats those, don't we - or do we?  Giacomo  07:26, 10 December 2010 (UTC)

Good to know that you're back to your old self again now that the election's over. --Conti|✉ 07:44, 10 December 2010 (UTC)

ArbCom is full of political tools given technical tools. Somebody ought to address that at some point. --MZMcBride (talk) 08:28, 10 December 2010 (UTC)

The longer I have thought about this the angrier I have become and I have been pretty angry over the last couple of weeks over their failure to attend to security and the way they have been treating me about it. Here is an Arbcom holding an enquiry into whether I managed to get into its Wiki, when it should be holding an enquiry into its own incompetence. The only excuse I can even invent for them, is that as Brad, as a candidate, was ignorant of what the rest of them were up to last week, but even he has been so foolish as to put his name to this enquiry. It is not an enquiry it is a feeble and transparent attempt to shift blame anywhere, but where it squarely belongs—with the Arbcom and its developers.

For God knows how long it has held information on many of us, which it does not permit us to see, and clearly did not need which it has then kept it an insecure wiki. When this is pointed out to them, do we have apologies or admissions of responsibility? No, we have have supercilious comments from Coren and his Arbcom cronies and a new Arb, eager to make new friends, making veiled legal threats, and of course, Scot Mac famed only for his [7] “this is no news” comments when Abs and overnighters were caught trying to oversight/cover up one of their friends strange edits during an election.

It’s 100% clear from the intimidating emails and questions which the Arbs were emailing to me last week that they have not a clue who has been in and out of that Wiki. Last week, we were told it was impossible to delete information, now suddenly there is rightly a huge bonfire of the material held there. I know of editors with concerns who have disclosed all manner of private information to this Arbcom and now we see the respect with which they have treated it. I hope to God no-one has got in there and found any of it, but what are we getting from this incompetent crowd? “we have no evidence that ex Arbs actually accessed, and all have now been fully disabled” They don’t bloody know! And do we have an apology or indeed any sign of remorse? – do we hell! We have patronising “run along and play children, the Arbs know best” type comments. We have “Giano should have told us secretly, then no one would know how careless we have been.” I will not be made the scapegoat for this, and the rest of you should be wondering why that has even been tried.  Giacomo  14:09, 10 December 2010 (UTC)

The arrogant "Arbs know best and allowing the community to know what they get up to" attitude has time and again caused Arbcom to shoot itself in the foot and undermine themselves. We do seem spectacularly good at electing people with a complete lack of good-faith in the community, and a complete inability to see just how daft they look. DuncanHill (talk) 14:14, 10 December 2010 (UTC)

(edit conflict; to Giano:) Obviously the goal is that there should be no security flaws of any kind surrounding confidential information, whether in the hands of the Arbitration Committee or anyone else. To the extent any flaws exist, it is entirely right that they must be identified and fixed. The point is that if there had in fact been a gaping hole in the security as you first feared, as opposed to lesser (but still significant) issues as turned out to be the case, there are any number of persons less scrupulous than yourself who might have sought to exploit it. In such event, let there be no doubt that the primary fault would lie with actions of the malevolent person in exploiting the security gap, and another primary fault would lie with the original existence of the security gap to begin with—but how would you have felt about your own role in leading the malevolent person to it? Newyorkbrad (talk) 14:20, 10 December 2010 (UTC)

had you bothered Brad to read the information gathered by your merrymen last week, you would know that that was quite the reverse of the situation! Which is why it is such a major breach!  Giacomo  14:29, 10 December 2010 (UTC)

(ec x ??) I am also deeply unimpressed with the fact that this statement seems (whether by accident or design) to adopt a wording that paints Giano in an unnecessarily negative light. I realise that he can be an outspoken critic but he does have valid reasons for preferring public discussions; that might be unfortunate from ArbCom's perspective but that isn't a basis for declaring that he was wrong to raise his concerns publicly. I am disappointed that no Arb feels the need to distance themselves from the comments of current-arb Coren and future-arb Jclemens, which appear consistent with a hostile attitude towards the Giano as the person who brought the issues to light. EdChem (talk) 14:22, 10 December 2010 (UTC)

This is not about Giano, or any other individual; this is about finding the right balance between drawing attention to security issues (so that they will be dealt with) and not publicizing such issues until they can be attended to (for the reasons I have discussed a little higher in this thread). WP:BEANS is overcited, but if you discover an unprotected image on the main page, is it better to post on ANI that "THERE IS AN UNPROTECTED IMAGE ON THE MAIN PAGE THAT IS A PRIME CANDIDATE FOR TEMPLATE VANDALISM!!!!" or is it better to quietly ask an administrator to protect the image? It's the same principle, really, except at a higher level. (As for Giano's individual role, an irony is that I've never bought into the necessity of the identification requirement for arbitrators, and if it weren't for the contretemps over Giano's not wanting to identify and the consequences it would have for his access to information, Giano would very possibly be an arbitrator-elect himself right now.) Newyorkbrad (talk) 14:29, 10 December 2010 (UTC)

On no he bloody would not because he has seen what happens when you put a good apple into a box of rotten apples, that's why I was determined to stay out of the box!  Giacomo  14:31, 10 December 2010 (UTC)

Brad, the balance you mention is influenced by whether one trusts how ArbCom would respond to being told confidentially. Given Coren's comment and Kirril's comments that Giano needed clearing and the harshly worded "There is no evidence that GiacomoReturned successfully retrieved any materials from the wiki", I can understand his decision to raise the issues publicly. By the way, what would have been so bad about saying "The investigation notes there was evidence consistent with Giano's statements that he probed security vulnerabilities but did not breach the security of the arb-wiki"? It seems a fairer formulation. As for Giano as an arb-elect, Jimbo's actions strongly suggest to me that Giano wouldn't have been appointed had he had your level of support, Brad... which just shows we still have serious governance issues to sort out someday. EdChem (talk) 14:46, 10 December 2010 (UTC)

Brad, what will Arbcom do to reassure editors that despite their previous incompetence, they are now to be trusted to maintain appropriate levels of security? DuncanHill (talk) 14:33, 10 December 2010 (UTC)

Well, I'm not the person with any relevant technical expertise, but among other things we've been talking directly with developers about security aspects of the arbwiki and addressing all the potential vulnerabilities that anyone has been able to think of. Some of the more technically minded arbitrators might want to jump in here with their comments; and we have a new crop of arbitrators joining us in a couple of weeks, some of whom may have some more ideas for additional steps we could potentially take, if there are any. Newyorkbrad (talk) 14:44, 10 December 2010 (UTC)

After reading all this, I'm a little taken aback that the statement does not explicitly thank Giano for helping identify the security weaknesses. Whether he should have done it privately or publicly, the point is that because of his, made clearly in good faith, actions arbcom identified a set of security flaws and corrected them. Where's the thank you? The current statement reads a little like a grudging exoneration of a criminal (though I'm sure that is unintentional). (Also, it might be useful to consider adding some background information to statements of this sort so that readers can contextualize it. The original posting made no sense to me and, presumably to others, who were unaware of the issue.) --RegentsPark (talk) 14:40, 10 December 2010 (UTC)

This statement is about the situation and not about any individual. I believe some arbitrators did express appreciation to Giano at the time he first raised the issue. Your last comment is well-taken; we need to remember that just because we have been looking carefully at an issue over a period of days doesn't mean that anyone else has it in mind at a given time. Newyorkbrad (talk) 14:46, 10 December 2010 (UTC)

Adding background information would have made it too obvious that Arbcom was only acting because Giano had spoken up. Of course, not adding the information just confused some and made Arbcom look small in the eyes of others. DuncanHill (talk) 14:52, 10 December 2010 (UTC)

• Oh yeah, one other small thing our noble Arbs have not told you: I told the Risker (and Coren is conveniently forgetting) almost 24 hours before I posted it on Wiki [8] I even tell Malleus so. I only posted it here when I realised the revolting way they were going to handle this. So you see the arcom is not being quite as straight as they say!  Giacomo  17:38, 10 December 2010 (UTC)

I wondered how long it would take you to blame me for this, Giano. When you communicated to me, I made you extremely well aware that I was addressing major Real World issues, was unable to resolve the matter myself at the time you contacted me (less than 12 hours before you posted onwiki) and that I would draw your concerns to the attentions of others - which I did; at least one other arbitrator and a developer were already reviewing the situation when you posted onwiki, a fact of which I made you aware. I am genuinely disappointed in the brinksmanship you are showing here. I am terribly sorry that you have such a strong need to "win" that you'll condemn people for putting serious real life matters ahead of satisfying your demands that they *personally* and immediately "fix" something. You were taken seriously, your report was passed on to others in a better position to review and resolve, and you were informed of that. Risker (talk) 17:54, 10 December 2010 (UTC)

• I am sorry, but this is what happens when you start a culture of blame, as you have tried to do to me. This was an important security lapse, you are one of many Arbs - delegate! Or are you the only one capable of looking into such matters? This farce of an enquiry absolved the arbcom and blamed the messneger, so don't you dare accuse me of aportioning blame.  Giacomo  18:06, 10 December 2010 (UTC)

Excuse me, I *did* "delegate". That what you considered a problem was not solved immediately to your personal satisfaction changed nothing; your concerns were being addressed. As it turns out, the thing you insisted was the problem, actually wasn't a problem at all; the accounts that you thought were accessible were not. Everyone took your concerns seriously. And we did not stop our investigation after *your* concerns were satisfied, we continued to examine other possibilities, and found other things that could be improved. Risker (talk) 18:17, 10 December 2010 (UTC)

• (ec)I have to say, it does like like Arbs are just about the most ungrateful bunch of so-and-sos about. Have we reverted to the OM-debacle era of incompetence and self-serving? You're all just angry that you've been shewn up (yet again), and particularly angry that it's been done by the editor Jimbo (and most of you) would most like to get rid of - trouble is of course, that at least half of you behave just as badly as he does at his worst, but few of you contribute as well as he does at his best. Pull yourselves together, stop shooting the messenger, and start acting like people with a clue. Could you have said "The committee would like to thank Giano for discovering this failure and bringing it to our attention"? Of course not, you just couldn't resist putting the boot in - and making yourselves look much worse as a result. I had thought that the current crop were above the spoilt brat behaviour of past incarnations, but clearly I was wrong. DuncanHill (talk) 18:08, 10 December 2010 (UTC)

• I don't think Giacomo should be demeaned for going up and knocking on the door in an investigative manner as he did, I mean , who wouldn't? Just walking away without knocking, well, it would be rude. Perhaps it could be added to the report that no bad faith was found in his actions and also noted that the committee are grateful for his bringing it to their attention. Off2riorob (talk) 18:10, 10 December 2010 (UTC)

• Shameful announcement from a shameful group.--Cube lurker (talk) 18:20, 10 December 2010 (UTC)

I would just love to know who drafted that shameful statement before they all queued up to sign it, mind you it's not exactly stretching my brain to guess who. If I had not posted on wiki after having given them a working day to sort it, I would be banned by now - and the rest of you told God knows what!  Giacomo  18:30, 10 December 2010 (UTC)

Bah, your plotlines are weakening and your charaterization is cardboard thin. Wake me up when you get to the action scenes. Once you've elaborated it to the point where you expertly evade the black helicopters of our secret police force through a daring car chase through the busy Paris streets; it might have gotten entertaining. — Coren ^(talk) 18:56, 10 December 2010 (UTC)

Oh dear poor Coren - you missed the action - it took place amonth or so ago - while you were asleep.  Giacomo  19:00, 10 December 2010 (UTC)

Coren, Why did ArbCom mention Giano at all? Simple take out the mention of his name and say "there is no evidence anybody gained improper access to the ArbWiki." That's all that needed to be said. The backhanded attack on Giano is outrageous. I also knocked on the door. Why are you all going after him and not me? Jehochman ^Talk 19:02, 10 December 2010 (UTC)

Yea, I went there and immediately knocked on the door also. Off2riorob (talk) 19:03, 10 December 2010 (UTC)

I agree with Jehochman. I am surprised and disappointed to see a respectable Committeeman take such a dismissive tone toward the legitimate concerns of the Community. Giacomo has realistic concerns about the accusatory and unappreciative tone of the Committee Statement; a kindly and apologetic response would be more appropriate. I am concerned that the Committeemen are jaded toward this user and therefore are not dealing with him in the proper manner. — NGQ Jon 19:04, 10 December 2010 (UTC)

Jehochman: It was not our intent to attack Giano. You will note that at least three arbitrators who passed the statement have publicly thanked him for drawing it to our intention (although in a less-than-ideal manner). We only wanted to convey that nobody had actually attained access as far as we could tell, and Giano's discussion of "secret files on individual editors" should not be read to mean that he had actually accessed any "secret files." Some users mistakenly believed that Giano had "hacked in," and we wanted to specifically clarify that it was not true.

I agree that your wording might have worked better, but we wanted to issue a timely statement—which, after all, Giano had requested. Cool Hand Luke 20:44, 10 December 2010 (UTC)

Somebody changed the wording, totally out of process, and in violation of all local, national, and intergalactic wiki policy. Nevertheless, I suggest letting it be, for the sake of peace and harmony. Jehochman ^Talk 20:48, 10 December 2010 (UTC)

When the broken-hearted people living in the world agree... Cool Hand Luke 20:59, 10 December 2010 (UTC)

Oh don't worry about me, Coren is building up to one of his usual "Giano's paranoid" moments next. I usually indulge him a little at this stage, it makes him feel less ridicuous. That he's managed to take the rest of the Arbcom with him this time is concerning really, I suppose.  Giacomo  19:20, 10 December 2010 (UTC)

Dear Reader, Jehochman ^Talk has given you some popcorn. Popcorn is crunchy goodness, and is wonderfully delicious!

Be sure to grab some before reading this conversation.

Right - I can't see anything more useful coming from this thread. Tempers are getting frayed and I think we all need to move on before tempers get more frayed. I can see how it developed (sigh) and I think we just need to all leave this thread alone for a little while. Casliber (talk · contribs) 20:38, 10 December 2010 (UTC)

May be true, but trying to conceal it under a hat with a dismissive summary is highly ianppropriate.--Cube lurker (talk) 20:41, 10 December 2010 (UTC)

Perhaps arbs would consider rewording the statement along the lines suggested in this discussion - thank giano, explain circumstances, etc. That would defuse this in a flash. --RegentsPark (talk) 20:49, 10 December 2010 (UTC)

Already been done.[9] Per WP:IAR. Jehochman ^Talk 20:51, 10 December 2010 (UTC)

No more jibe against Giano, but no thanks to him either. It's striking the kind of warfare that was required to remove the jibe. ScottyBerg (talk) 20:54, 10 December 2010 (UTC)

Several arbitrators did thank Giano. Sheesh. Cool Hand Luke 20:56, 10 December 2010 (UTC)

"Arbcom" though did not. Quite the opposite.--Cube lurker (talk) 20:58, 10 December 2010 (UTC)

(ec) There are no thanks recorded on the announcement page. ScottyBerg (talk) 21:00, 10 December 2010 (UTC)

(multiple ecs)There is a difference between a public thanks and a private thanks. And, trust me, for someone who doesn't know what's going on, and i'm sure that was not intended, the original announcement made it appear as if giano was maliciously attempting to break into where he's not supposed to go. The new statement reads much better but it would be nice if there was a thank you to giano, jehochman and anyone else who helped point toward security flaws. A bit of graciousness goes a long way. --RegentsPark (talk) 21:04, 10 December 2010 (UTC)

No need to thank me. I'm just glad I wasn't banned. Jehochman ^Talk 21:06, 10 December 2010 (UTC)

He was publicly thanked by at least three arbitrators. The intent of the bullet point was to specifically repudiate the myth that Giano "hacked in" (see my longer comment above to Jehochman). Cool Hand Luke 21:14, 10 December 2010 (UTC)

• Regardless of how infelicitous the original statement might have been (something which is debatable but probably shouldn't be), the fact of the matter is that the arbitrators signed one specific statement and not a modified version of it. One cannot retroactively alter the record like that. — Coren ^(talk) 21:02, 10 December 2010 (UTC)

EC:- ::I see nothing changed; it remains a calculated and inflammatory insult.  Giacomo  21:03, 10 December 2010 (UTC)

Indeed, until they retract the insult, somebody else editing the announcement does not cure your grievance. Jehochman ^Talk 21:06, 10 December 2010 (UTC)

The insulting reference to Giano has been reinstated. ScottyBerg (talk) 21:09, 10 December 2010 (UTC)

(EC's) How about you all go back and revote on one that isn't morally bankrupt?--Cube lurker (talk) 21:07, 10 December 2010 (UTC)

Whatever the intent, and I can't believe that there was anything malicious behind the statement, it is fairly obvious that many editors believe that the reference to giano was inappropriate and conveyed an incorrect impression. Appearances are generally 90% of things, and it may not be a bad idea to reword the statement (or for individual arbs to reconsider their votes). --RegentsPark (talk) 21:21, 10 December 2010 (UTC)

• • [@Giano]You've done nothing but inflame and insult people continually recently. You are in no place to demand satisfaction. The hypocrisy here is outstanding as usual. You tried to stir drama by inferring that certain ex-arbs still had access. It might have been a real concern, but you were wrong. Now, rather than let it rest, you are clutching at straws to keep up the tension. As I've said, at one time the tenacity and campaigning was perhaps admirable, now it has slipped into childish and narcissistic trolling. It is beginning to bore. No doubt I will now be abused for calling it as it obviously is.--Scott Mac 21:11, 10 December 2010 (UTC) [clarification added]--Scott Mac 21:45, 10 December 2010 (UTC)
    • RegentsPark has been very civil lately. Are you sure this comment is in the right place? Jehochman ^Talk 21:27, 10 December 2010 (UTC)
      • Apologies. I fixed my indent (added a few extra to be on the safe side). Still, it does now appear that Scott is responding to coren and I don't think that's his intention. --RegentsPark (talk) 21:34, 10 December 2010 (UTC)

• Hold on. GiacomoReturned posted here on 26 November that he had made attempts to enter the arbwiki; at that time he neither confirmed nor denied that he had gained access. Why is it that Arbcom confirming what Giano says himself, that he did not gain access, is an insult? Risker (talk) 21:37, 10 December 2010 (UTC)
  • The announcement is without any context. It says that giano was trying to get access to arbwiki. All that may be true but without any note that giano himself brought this to the attention of arbs this puts giano in a very poor light. Breaking and entering is criminal behavior. Now, apparently, his motives were pure. Why not just thank him, inform everyone that the reason for all this is because he thoughtfully pointed to a security flaw, that you found a different flaw but wouldn't have done so without his intervention, and be done with it. Those are, after all, the facts - aren't they? --RegentsPark (talk) 21:47, 10 December 2010 (UTC)

• The ambiguity and "double entendre" of the phrasing. The reference that you should have been told privately, when you were told privatly. The fact that the aportioning of blame is appareant and one sided. The fact you accept no responsibility yourselves and the fact no one now beleives a word you say - I know the names of all the former Arbs and others who had access untill last week, why don't you publish them? Ask them to deny they had access (I don't doubt they will) - an interesting collection with one common denominator. I'm not bothering with you any longer Risker, you and your cronies here are disgraced and floundering wildly to save yourselves.  Giacomo  21:54, 10 December 2010 (UTC)

• "former Arbs and others who had access untill last week" that is a very serious allegation. If it isn't true, it would appear to be libellous. It would appear to mean that all the arbs who signed the motion were lying, and all should be banned. Giano - can you substantiate that allegation?--Scott Mac 21:59, 10 December 2010 (UTC)

• Oh if it makes you happier "potential" accesss. Did they or didn't they? That's the question. You see Scott, the Arbcom doesn't know. Giacomo  22:02, 10 December 2010 (UTC)

• as you know, that's an entirely different thing. What you are saying is that you have proof (what?) that arbcom's statement is, in fact, correct.--Scott Mac 22:04, 10 December 2010 (UTC)

I am saying that I think it would be a good idea if the Arbcom screwed up their findings, drafted a new piece of paper, gave it some greater consideration and then signed it. That would defuse the situation and allow us all to go to bed.  Giacomo  22:07, 10 December 2010 (UTC)

User:Scott MacDonald/JFK Appropriate userbox supplied.--Scott Mac 22:15, 10 December 2010 (UTC)

Section break

Oh, a substantive point was raised somewhere up there in the middle: "Why did ArbCom mention Giano at all?" The reason is simple. At the time we got a hold of a sysadmin who could inspect the server logs (which is just a bit before Giano made his public post), there were exactly two persons who had made failed attempts to access the ArbCom wiki, over a period a little more than and hour and a half long. One is a banned user, and the other is Giano. Giano is the only one to have made an on-wiki claim of having tried to log in on that wiki, and we felt it important to note that he had not, in fact, accessed anything.

It's entirely possible that more people might have tried the same thing after Giano made his public statement; I doubt it's useful to request that a sysadmin again inspects the logs just to be able to confirm that "other editor X also tried and did not get in". — Coren ^(talk) 00:00, 11 December 2010 (UTC)

Before someone jumps in and turns Coren's statement right above me into saying "They're just trying to get Giano", I think I should point out that the reason that we are not redumping the logs on a regular basis to determine if someone's trying to access it, the method that Giano and the banned user found to "access" the arbcom wiki only worked to give a "ping" that there was a page on whatever they plugged into the URL (so if they put Foo in the proper place in the URL, but wasn't logged in, they'd get a login response, confirming there was a page Foo), but they did not get any information as to what that page entailed.

As I understand from the discussions the Committee had with developers, the hole that allowed Giano to get that "ping" back has been patched, and that in these discussions, we are looking at additional methods to make sure that the data remains secure. I wish Giano had contacted one of the Arbs he has a warmer relationship with (and before anyone scoffs, I know of several arbs who Giano contacts and talks with every so often, including myself) with before going public with the fact there was a potential security hole. As it was, if the method WAS a full breach, a banned user who specializes in off-site harassment of editors would have all the privacy-related information that was on the ArbCom wiki. So.. Giano DID find an area that needed looking at, and as a result there is active, ongoing work between the Committee and the developers to make the information on the ArbCom-wiki more secure, and for that I will publicly thank him. However, the method of disclosure of this breach and the discussion that followed was much less then optimal. SirFozzie (talk) 00:19, 11 December 2010 (UTC)

Ya'll need to step back & take a break folks. Howabout a 6 months intermission? GoodDay (talk) 01:09, 11 December 2010 (UTC)

I just don't understand what benefit you derive from personalizing the incident. But more than that, the phrasing is awful. Read the section as though you were completely unfamiliar with the topic. Giano isn't even introduced before you say "There is no evidence that [he] successfully retrieved any materials from the wiki." Maybe it's just my jaded view at this whole Wikipedia circus, but it has a very "When did you stop beating your wife?" kind of feeling.

You all really ought to consider changing it. There's nothing wrong with copy-editing. It's the wiki way. --MZMcBride (talk) 01:22, 11 December 2010 (UTC)

Do you mind if I copy-edit this statement, but leave your signature? 71.233.46.33 (talk) 02:53, 11 December 2010 (UTC)

MZMcBride makes a valid point here. We should have noted that this statement was made in response to a post where Giano asked for an official comment. We provided an official comment, but should we have run that official comment past Giano first before publishing it? Maybe, but the reason for publishing this was because Giano himself said Official Comment required. Well, we provided that. Should we have run the draft past the community first? The incoming arbitrators will be able to review the entire sets of discussion that took place on these matters, and judge for themselves. Carcharoth (talk) 03:04, 11 December 2010 (UTC) I've now added this note. Carcharoth (talk) 03:11, 11 December 2010 (UTC)

The note does clarify matters. Supported. — Coren ^(talk) 04:53, 11 December 2010 (UTC)

I may find myself without internet for the next few days, so rather than wait if the situation will be resolved, as appears to be the case, I will comment now: Ideally, Arbcom would lead by example. That's not always possible, but at least Arbcom should not undermine its own rulings by collectively and vigorously breaking their spirit. I see enormous tension between the following two official Arbcom pronouncements: Template:Blockquotetop It is unacceptable for an editor to routinely accuse others of misbehavior without reasonable cause in an attempt to besmirch their reputations. Concerns, if they cannot be resolved directly with the other users involved, should be brought up in the appropriate forums with evidence, if at all.

---

• There is no evidence that GiacomoReturned successfully retrieved any materials from the wiki.
• A banned user attempted to gain access around the same time that GiacomoReturned did; again, there is no evidence that any materials were successfully retrieved.

Template:Blockquotebottom This must be fixed. I see this as part of a general pattern of Arbcom not communicating effectively. I hope that the new Arbcom will

1. take measures to minimise the likelihood of such communication disasters in the future, and
2. develop strategies for mitigating, rather than aggravating, them when they become apparent. E.g. Arbcom pronouncements could be run by uninvolved third parties whose job it is to completely rephrase them, so that problems in the wording can be identified before it becomes official.

And there should be an ethos that the idea of an Arbcom pronouncement counts, not its wording. If the words don't describe the idea effectively, so that, e.g., Arbs disagree about the meaning of the words, then the wording is defective and this must be admitted and addressed. Hans Adler 23:13, 11 December 2010 (UTC)

A few points to make here:

• "Arbcom pronouncements could be run by uninvolved third parties whose job it is to completely rephrase them, so that problems in the wording can be identified before it becomes official." This isn't a bad idea, actually. But part of the problem comes from the siege mentality that can be provoked when there is a public outcry in response to a statement like this. It makes ArbCom more likely to issue bland statements that have been 'tested' first - do you really want things to go down that route?
• What happened here was that Giano made a hue and cry about arbwiki security and demanded an official statement. The committee (which includes me) discussed and voted on an official response that was initially quite short and was then expanded to provide details we thought would help explain things somewhat, but seems to have had the opposite effect. Part of the statement was based on correspondence and evidence that is not public. There were attempts to communicate with Giano that didn't really get very far. We concluded (not unreasonably, in my opinion) that Giano (despite appearances based on what he had said) hadn't actually seen what he said he had seen (or was being imprecise about what he had seen), and had merely been poking around trying to see what was there (like many other people have been). However, there was a distinct possibility here, given the (admittedly circumstantial) evidence we had before us, that our conclusions could have been completely different.
• Maybe the statement should have said "we asked Giano about this, but his responses were unhelpful" - would that have been any better? My view on this is quite simple. If Giano had corresponded with us in private about this, instead of going public at the time he did, and tried to be more helpful when we contacted him, rather than being angry half the time, the necessary changes would still have taken place, and any public statement would not have been so controversial. There are examples of other people raising matters with us that get resolved without any hue and cry, so it can be done. But the approach of angrily demanding an official comment, and then angrily decrying the official comment, doesn't really work.
• With hindsight, though, a copy of the statement should have been sent to Giano first as a courtesy, not to let him change it, but to allow him to raise objections for consideration.

For what it is worth, Giano has my thanks (belatedly) for raising this entire matter, since it did indirectly alert us to some matters of account security needed to be addressed, and led to a shake-up of how the arbwiki is handled. Carcharoth (talk) 04:04, 12 December 2010 (UTC)

I have internet for a few minutes, so just a quick response to one aspect: "whose job it is to completely rephrase them" -- I see I wasn't clear. The idea is that someone completely rephrases your pronouncement, possibly using more frank language for what they think you wanted to say, and then you compare to see whether it is what you meant, and perhaps adapt your wording if it isn't. In this case a possible result would have been "Giano tried to break into the Arbcom wiki but failed, so there is no reason for concern." Obviously the idea of such tests would not have occurred to me if I did not have the impression that you have been a bit careless. It was most obvious with the climate change topic bans. They contained wording that was read as purely ornamental by some and as severely restricting the scope of the bans by others. At first I thought this was deliberate, but when it became apparent that the Arbs themselves disagree about the scope of the bans I decided that the real problem is different levels of reading comprehension between Arbs. Hans Adler 09:48, 13 December 2010 (UTC)

What you describe isn't restricted to arbitrators. It's a widely known and researched phenomenon. Different people take different meanings from the same words. This is governed as much by how the readers themselves use the word/s as how the writer does (cf. idiolect and lexicon); the social and/or professional context/s in which they use them or see/hear them used; what meaning the reader wants the words to have; which meaning of multiple meanings apply (most words have more than one); whether the reader takes the primary or seconday meaning of the word; whether the word has a special contextualised meaning; whether the word has a literal meaning as well as an extended metaphorical one (concrete v. abstract) and so forth. I'm not sure if there's a simple answer.  Roger ^talk 10:47, 13 December 2010 (UTC)

Exactly. idiolect, idiom, lexicon should all be blue-links. Maybe a warning should be attached to all ArbCom announcements - "this may not mean what you think it does - if there are several ways to interpret this statement, please ask for clarification rather than assume your interpretation is correct". Obviously the language used should be as clear and precise as possible, and we should strive to phrase things as unambiguously as possible, but that isn't always the case and sometimes is not obvious to those drafting such statements, and when it isn't, asking and then waiting for clarification is better than possibly running with an incorrect interpretation. Carcharoth (talk) 11:11, 13 December 2010 (UTC)

Indeed, and - while we're at it - confirmation bias; the phenomenon of people taking/making the interpretation most favourable to their position and discounting any other.  Roger ^talk 11:19, 13 December 2010 (UTC)

• I must be alone here in crediting the Arbcom with the ability to speak and write English. They wrote a statement, and are now backtracking on it because they rightly realise it has caused a backlash against them. They would have found me a great deal more forthcoming and amenable to their enquiry if they had approached me with goodwill and an open mind. As it was, I had an accusatory and blunt couple of emails making all manner of inisinuations from Knight Largo and veiled warnings from Risker. I am prepared now to say no more about this; I hope they have been taught a valuable lesson. Now let this be the end of it.  Giacomo  08:56, 14 December 2010 (UTC)

They would have found me a great deal more forthcoming and amenable to their enquiry if they had approached me with goodwill and an open mind. I'm not sure that statement is capable of supporting the irony inherent in it. --InkSplotch (talk) 15:25, 14 December 2010 (UTC)

Let's take a breather. GoodDay (talk) 15:39, 14 December 2010 (UTC)

Appeal to BASC by User:Wiarthurhu

Announcement

Appeal to BASC: Jahnbon

Resolved

Announcement

Regarding this, text of the decision has not been left on the User's talk page. As of right now, the user's talk page is redlinked, and there is no evidence it has been left. Can this be rectified? --Jayron32 15:35, 17 December 2010 (UTC)

Sorry about that, I put this up first and then the talk page notice; I'll do it in the reverse from now on since that actually does seem to make more sense :) Shell ^babelfish 17:19, 17 December 2010 (UTC)

Es todo bueno. --Jayron32 17:27, 17 December 2010 (UTC)

Wikipedia:Arbitration/Requests/Case/Race and intelligence

Original announcement

Arbitration motion regarding a case request about User:YellowMonkey

Original announcement

Good outcome. I hope that YM returns to editing and using admin tools (in accordance with his agreement to be more careful and explain actions better) soon. Nick-D (talk) 23:23, 24 December 2010 (UTC)

Disappointing outcome, which does nothing to resolve the wider dispute about YM's use of administrative tools, and a poorly worded motion. Still, it's the best we have, and I suppose the ball is now in YM's court. Physchim62 (talk) 00:02, 25 December 2010 (UTC)

Motion summary: "Stonewall us, please. It works if you're an admin!" Tijfo098 (talk) 02:26, 25 December 2010 (UTC)

^ What he said. I thought there was some sort of policy about disappearing during scrutiny. As I recall, the end result was not "ehh, let's move on." --MZMcBride (talk) 05:16, 25 December 2010 (UTC)

YellowMonkey's last edit was before the arbitration request was filed. Last time I looked, there was no prohibition against taking a break after responding to concerns raised at an RfC. It is quite clear that YellowMonkey does have further concerns to respond to, but we can't judge that and his response to that until he returns (otherwise you open the door to people piling on after someone takes a break). Previous examples nearly all involved people ceasing to edit after a request was filed, not before. Carcharoth (talk) 07:16, 27 December 2010 (UTC)

Was there a need to decline this with a motion instead of just doing it the old-fashioned way? DC 06:10, 25 December 2010 (UTC)

I would have preferred a "this is on hold until he returns, then it will be revisited" motion, which I thought was the standard for these situations, rather than declining it. Wizardman _{Operation Big Bear} 14:09, 25 December 2010 (UTC)

Effectively we have said it is on hold until he returns, but he has the option of responding at the RfC first before any judgment is made as to whether a case is needed. Otherwise you open the floodgates for people to jump from RfC to RfArb with no time for responses inbetween. If people are not satisfied with responses at the RfC, they can refile the request and ask arbs to judge if any hypothetical responses were satisfactory, but we can't do that until there are responses to judge. Carcharoth (talk) 07:24, 27 December 2010 (UTC)

Change in status - Arbitration Committee clerk

Original announcement

Personnel changes effective 1 January 2011

Original announcement

I am sad to be the first to thank our three outgoing arbitrators here for their labour, diligence and personal sacrifices over the years in one of the project's most difficult roles. FayssalF, Carcharoth, KnightLago: know that the community values your efforts. Respect, Skomorokh 11:52, 3 January 2011 (UTC)

• Strong support for this statement -- PhantomSteve.alt/talk\^{[alternative account of Phantomsteve]} 20:58, 3 January 2011 (UTC)

I will miss all three of the departing arbitrators and their contributions to the committee. It will, however, be a couple of weeks before I have to start missing KnightLago, as I think he's chosen to stay active on one or both of the two cases currently pending (which outgoing arbitrators have the privilege of doing), which will take a little while longer to resolve. I would also like to express special thanks to Carcharoth for his arbitration work over the past two years. While every arbitrator finds a niche within the committee and plays an important role, I have found Carcharoth to be especially dedicated and diligent in commenting on proposals. An ample number of times, it was he who made sure that all sides of issues were heard and that an important point didn't get overlooked. My disappointment that he did not seek reelection, which he would certainly have earned, is tempered only by the fact that we will now enjoy the benefit of his having a good deal more time to devote to content creation. Newyorkbrad (talk) 22:43, 3 January 2011 (UTC)

Agreed. I will miss our departing arbs greatly. Thanks guys, it's been fun :) SirFozzie (talk) 21:18, 5 January 2011 (UTC)

Arbitration Clerks Seeking New Volunteers

Original announcement

It's like the best part! AGK [•] 20:39, 5 January 2011 (UTC)

• It baffles me, NuclearWarfare, that you didn't mention the best part of being a clerk: the fez. I'd add to any potential applicants that this is actually quite an enjoyable job, with reacting to and resolving unique and unusual situations (normally involving prickly Arbitration participants, but also a variety of other contexts) being a sizable part of the clerk's duties. AGK [•] 20:39, 5 January 2011 (UTC)

• My question is: do you get access to the ArbCom/V.I.P. Party Room, and if you do, do they make you serve the cocktails? Beyond My Ken (talk) 22:47, 5 January 2011 (UTC)

Looking at the number of menial clerks who then are elevated to arb masters, I'm wondering if there's some fagging implied in this system.--Scott Mac 23:02, 5 January 2011 (UTC)

Nah, I can see where you think that, but it tends to attract the people who have a skillset that would make a good Arb.. in my case I was involved in (filing and as an interested parties) so many cases, that I didn't need the clerk job, I was already intimately familiar with what made well (and not so well) run cases. SirFozzie (talk) 23:10, 5 January 2011 (UTC)

We didn't even have any former clerks (who hadn't become arbs in the mean time) running in the last election IIRC, which suggests that many of the clerks appear to have come to their senses... Jclemens (talk) 18:58, 6 January 2011 (UTC)

If I took the job back, would I get my seniority restored for use of breakroom? I'm forced to consider such things in this economic climate.--Tznkai (talk) 23:03, 6 January 2011 (UTC)

We would welcome you back with open arms and give you what you ask for and a 3 month signing bonus to boot! NW (Talk) 00:31, 7 January 2011 (UTC)

Reviewing the list of open cases, we couldn't assign you to the World War II case as that one is already taken, but I suppose we could give you the gift of Longevity. Newyorkbrad (talk) 00:56, 7 January 2011 (UTC)

this thread features some of the lamest humour we've seen so far on wiki - much as I'd wanna volunteer to be a clerk, I kent (geddit) - too busy being superman (geddit again? - lamer puns may earn cookies.......) :-) Privatemusings (talk) 01:52, 7 January 2011 (UTC)

Does it come with tools as part of the role or do you have to bring your own? If yes, are they hand-me-downs or new? If you bring your own, are you required to share? billinghurst sDrewth 02:59, 7 January 2011 (UTC)

Arbitration motion regarding Wikipedia:Requests for arbitration/West Bank - Judea and Samaria

Original announcement

Ban appeal by User:Turbotad

Original announcement

Sanctions appeal by User:Koavf

Original announcement

World War II

View announcement