Open main menu

Wikimedia Commons β

Commons talk:Requests for checkuser


I don't think that the amount of request will be that great that we need a seperate page for each case. If might be better to have a simple transcluded page that contains all cases and an archive; similar to COM:UDEL. It might probably also an option make this a sub page of AN, as proposed on Commons:Administrators'_noticeboard#Subpage_for_CheckUser_requests.3F. -- Bryan (talk to me) 19:21, 19 April 2007 (UTC)

Why make it a subpage of AN? Most admins aren't CUs.
As to the page -- who are these alleged clerks? :P
And Use other methods first. - I have never understood this - what are these supposed other methods?? Prayer? --pfctdayelise (说什么?) 03:47, 20 April 2007 (UTC)
All clerk references that I could find have been removed... (as well as references to code letters), if you see some either remove them yourself (you can see in the comments where I left them how I tried to word around their non existance here) or complain here :) . Separate pages are easier to archive (you just move around the transclusion invocations) and preserve history better (the history stays with the subpages), but I'm open to however folks want to do it. I tested out the process by creating one subpage already, and it seemed to work ok. As for other methods... many sock cases don't warrant investigation, just block the ID as being abusive and be done with it, (i.e. either do it yourself when you see it, if you're an admin, or report it to admins via existing admin noticeboard channels...) only persistent repeated cases need explicit CU investigation, because the id keeps coming back, and so a block of the IP with no account recreation allowed, or whatever, is warranted... At least that's what I gather from elsewhere. Thoughts? ++Lar: t/c 14:21, 20 April 2007 (UTC)


Are five shortcuts really needed? I don't think so, so I'll be cutting it down to two. Picaroon (Talk) 00:16, 4 May 2007 (UTC)

Go ahead, this is too crowded. -- Bryan (talk to me) 09:26, 4 May 2007 (UTC)
Yes but you kept the WRONG TWO! (kidding!!!!!). I thought 5 was a bit much too... it was making some other things format funny for me. Good work. ++Lar: t/c 13:48, 4 May 2007 (UTC)


Why are outstanding cases listed on the subpage /Case which is transcluded in the main page, and the completed/declined ones directly in the main page? That's not logical to me. -- Bryan (talk to me) 13:51, 4 May 2007 (UTC)

Feel free to reorganise those declined ones to subpages if you like! I wonder if it is an artifact of how things were before or something? ++Lar: t/c 11:47, 31 May 2007 (UTC)

Checkuser activityEdit

Discussion in Commons:Administrators/Requests and votes/Bryan (rfcu) suggests that Commons could use a policy for when to withdraw checkuser access from those no longer active as checkusers. Reasons that support a checkuser activity policy include:

  1. There is a reluctance for good reason to have too many checkusers. Users with checkuser access who do not make use of it block access to it for others who would make mor extensive use of the tool.
  2. Being able to keep the access indefinitely promotes the view of checkuser as a status rather than simply a tool with restricted access.

The meta checkuser policy requires only the removal of Checkuser access from all accounts inactive for 1 year. It seems that we should impose a requirement based on use of the tool (which is recorded in the log) rather than simple activity. Even if a checkuser is editing prolificallly, if they're had no need for the tool in a long period, they don't need to stay a checkuser. The onus to use it should not be unduly harsh either - having a bank of experience to cross-check is no bad thing. I would therefore propose withdrawing checkuser access where no use of the checkuser tool has been made in the last 6 months.

The following thoughts arise:

  1. How to handle checkusers who will be on know long absenses? If checkuser declares they will be away from Commons for a year, for example, does that mean the inactivity period is suspended until their return (as with our admin activity requirements) or should they then relinquish the tool?
  2. This is something that will in effect have to monitored by checkusers themselves (as only they can view the log). Although the Community could say "Checkuser X does seem to have been doing much checkuser related in the last 6 months", only other checkusers could confirm this.

What do people think? WjBscribe 15:48, 4 September 2007 (UTC)

For what it's worth I agree with this almost completely. Short of time and I'll look some more later/tomorrow. Bear in mind I do have strong feelings about being inactive with additional rights - my Meta matrix now authorises Stewards to remove any rights I have not used for three months.
I'd be quite happy with "I'm away for a period". I would certainly be obliged to confirm CU activity/inactivity with the community - after all they trusted me with the rights --Herby talk thyme 15:55, 4 September 2007 (UTC)
I also support the removal after 6 months of no CU activity for reasons stated above by WJBscribe. Also, I think we should promote a custom and practice that encourages folks to voluntarily hand in the tool when they find themselves not using them for an extended period of time with the understanding that they will be returned automatically if not longer than 6 months have gone by.(6 months is an arbitrary number but I think fair).
I have no problem with the CUs monitoring themselves as they are the most trusted users on a site. We could set up a system of automatic review of all the activity of CUs to see if more are needed or if some need to be asked to turn it in, but I'm not sure that is really needed at this time. FloNight♥♥♥ 16:08, 4 September 2007 (UTC)
No question really about this in my mind. For me tools are about being active. Try getting admin, CU, 'crat with a "but I might not do anything for six months and see how the Rf* runs. Nothing against any of these folk at all - they have all worked hard for Commons and contributed strongly but a CU who has hardly edited for a year much less touched a now changed CU tool seems hard to support. I should have covered this better on the de-admin policy bit. The overall admin policy has stalled but I said to Fred I would try and get it going again (unless anyone else does?). --Herby talk thyme 17:33, 4 September 2007 (UTC)
Seems a sound proposal to me, with the proviso that I'd like to see something similar to the admin one, that if someone steps up and asks forebearance, a bit more time is given. But really, this is just tightening up the base foundation theme here on inactivity. If you don't use the tools at all, (with certain exceptions as I've said before) you should give them up. Thanks, WJBScribe for starting this up again. ++Lar: t/c 01:19, 5 September 2007 (UTC)

{{Checkuser requests to be listed}}Edit

The above template is placed on every new CheckUser request. It is there so that users and Checkusers are able to see which requests have not been filed on the main page, and as such require someone to list it for Checkuser attention. When I went there today, I found that there were close to 55 cases listed in the category, which really defeats the point. I already went through and removed the template from the cases that were listed, and had a Checkuser respond. In doing so, I found at least one case that was left unattended/not listed since March of this year (I listed it on the main page). Because of all this, I am asking that once CheckUsers respond to a case, and/or once someone lists a case they remove the template from the case page. This will make it easier to track cases, and ensure that no case falls through the cracks. Cheers, Tiptoety talk 04:32, 25 August 2009 (UTC)

looks like we need a better write up of the process for listing, processing, delisting, etc... would you be willing to take a crack at that? ++Lar: t/c 11:33, 25 August 2009 (UTC)
I would be more than happy to. I am also thinking a better archiving process is needed. Tiptoety talk 15:57, 25 August 2009 (UTC)
I don't understand. ¿Could someone noticing old requests or archives poke priv or irc to some checkuser ? -- Drini 18:28, 25 August 2009 (UTC)
What don't you understand? Tiptoety talk 18:33, 25 August 2009 (UTC)

My changesEdit

As requested above, I made a few changes to the overall process. First I edited Commons:Requests for checkuser/Inputbox to reflect my comments about the Checkuser requests to be listed template [1], I also added some information about editing an archived case/starting a new request on a existing case page page [2]. Secondly, I (boldly) created two archival templates {{Rfcua}} and {{Rfcub}} (similar to en.wikis old RFCU archival templates). These are to be used when archiving a case to help avoid confusion about open/closed cases, and inform users how to reopen the case should they need to. I updated the instructions at Commons:Requests for checkuser/Archives to reflect that. An example of the template being used can be found here: Commons:Requests for checkuser/Case/MRDU08. (Note: I already added it to all the archived cases). If there are other changes you would like me to make, I am willing. Also, I am open to constructive criticism along with general thoughts. Cheers, Tiptoety talk 20:47, 25 August 2009 (UTC)

Wow. I had expected you to make a few suggestions but instead you've went to work. I'm keen to hear what Herby thinks of your improvements, which are many, but I like what I see. Thanks muchly. ++Lar: t/c 01:32, 26 August 2009 (UTC)
Meant to get back to this one but other things got in the way :(
I'm not a Wikipedian so "process" to me is not a fave subject! I guess I have time to "do" or time to fill stuff in sadly. Lar on the other hand....:)
Anyway, I appreciate the help you are giving us Tiptoey & things look fine. Just point it out to me if I get anything wrong! Cheers --Herby talk thyme 12:01, 28 August 2009 (UTC)


I admit that I'm not really active in the Checkuser area, but I was wondering if the "Case" prefix is really needed? This page hardly has any hardly any subpages subpages (only archive, header and inputbox, which are unlikely to conflict with potential sockpuppeteers) and I believe that longer names and more slashes in page titles are more difficult to remember and to link. I was wondering what other users think of this idea? --The Evil IP address (talk) 20:51, 17 February 2010 (UTC)

I don't see any issue with nixing the /Case subtitle, but of course, that would either require quite a bit of work to move or lead to inconsistency. –Juliancolton | Talk 23:13, 17 February 2010 (UTC)
I don't think the /case subpage is needed, but I agree with Julian that removing it at this stage in the game might create some headaches. Tiptoety talk 02:35, 18 February 2010 (UTC)
Nah, that moving shouldn't be too complicated. It can probably easily be done with the option "Move subpages" similar to the way Rich Farmbrough moved the PUF over at Wikipedia. --The Evil IP address (talk) 20:49, 21 February 2010 (UTC)


Wo finde ich alle Anfragen, welche mit CheckUser-Berechtigung durchgeführt wurden um zu prüfen, ob auch tatsächlich nur offensichtliche Problemfälle behandelt wurden. Desgleichen meine Frage, wer eine Anfrage beantwortet, ob jemals eine Checkuseranfrage bzgl. meines Accounts durchgeführt wurde. Ebenso möchte ich wissen, ob aufgrund eines SUL-Accounts auch projektübergreifende Abfragen möglich sind. Und zwar durch CU-Berechtigte, welche deren CU-Berechtigung ausschließlich durch eine Wahl in Commons erlangt wurde.--Hubertl (talk) 06:17, 19 June 2013 (UTC)

Translation: Where can I find all the CU-requests that have actually been carried out (or literally: requests that have been carried out with CU-justification), in order to check whether only really obvious problem cases were treated. Likewise, if ever a CU was performed regarding my account. I would also like to know whether cross-project CU's based on a SUL account are possible. More specific, if they are performed by CheckUsers, who only obtained their CU-status by an election on Commons. Wikiklaas (talk) 20:23, 19 June 2013 (UTC)
Projektübergreifend CUs durchführen geht nicht. Aber es ist hier möglich, dass gegen dich ein CU ausgeführt würde, wenn in einem externen Forum jemand behaupten würde, du wärest identisch mit Benutzer:XYZ, wobei es egal ist, ob du oder Benutzer:XYZ hier beide jeweils Zehntausende an Beiträgen hätte und es wäre auch egal, ob jemand von euch beiden hier und auf de-WP Adminrechte hätte. Gerüchteküche und Bauchgefühl eines Checkuser-Berechtigten ohne irgendwelche handfesten Indizien – es reicht für CU schon aus, dass du in einer Diskussion derselben Meinung wie ein anderer de-Benutzer bist, um verdächtigt zu werden, dass ihr dieselbe Person seid – reichen hier bereits aus, damit nach einer Anfrage, die nicht mal auf den CU-Seiten selbst stattfinden muss, ein Check durchgeführt werden kann (Beispiel des letztjährigen Checks von Saibo und Niabot, beide Zehntausende von Beiträgen und einer gewählter Admin hier und auf de:). Wenn eine Beschwerde hier auf Commons schnellgeschlossen wird, ohne dass der betreffende CUB überhaupt nur dazu Stellung bezogen hat, und man gegen ein solches Vorgehen protestiert, dann wird einem wiederum mit einer Sperre gedroht. So läuft CU auf Commons, und das finden die Meisten hier normal. Zu irgendwelchen Konsequenzen führen derartige CU-Checks hier nicht. --Geitost diskusjon 09:03, 20 June 2013 (UTC)


Request rejected

My request for transparency as to whether CUs have been run on my accounts, and if they have, then to be provided with a summary of the reasons this was done, has been open for a week. There have been no comments in the last 7 days, and with no reply from anyone holding Check User rights apart from questions and general statements, including assertions that this request was written to be disingenuous. I have had no contact privately with any reasons for this failure to meet my request, nor has there been any specific explanation of why I cannot know what investigations might have been conducted against me in secret.

I consider this request positively rejected, or deliberately ignored, by current CU rights holders. I am not a fly-by-night contributor, nor am I a simple troll or vandal, based on my leading record of contributions to this project over the last four years. I do not consider this a satisfactory response if the Wikimedia Commons community is truly serious about acting to implement our shared values of openness and transparency.

Many key volunteers are busy with Wikimania, so after the conference I intend to put a RFC to the Commons Community in order to define firm expectations on Check Users for a default of providing feedback for long term contributors that request it, unless there is an extremely rare current legal challenge, or serious, damaging and specific privacy issues for parties other than the requester, that requires that all information must be secret from the subject of the same check user investigations, potentially including that an investigation has been conducted. This should be binding on those with Check User rights and may result in appeals to the Ombudsman commission. -- (talk) 15:48, 1 August 2014 (UTC)

How and where is a user expected to request a summary of what CUs have been run on their account? I would like a definitive answer as to whether any CUs have been run on my account, what records have been retained, and the full reasoning behind any investigation. I am familiar with meta:CheckUser policy, and having an answer to my request fits within the guidelines of that policy. Thanks -- (talk) 03:30, 26 July 2014 (UTC)

I cannot speak for any of my colleagues, but I, for one, see no way to answer that question. I do not keep any record of CU checks where there is no evidence of sockpuppetry. I think that is true of all of us. Therefore it is entirely possible that I ran a CU check on you some time ago and have no record or memory of it -- I do not think that it is the case, but it is possible.
Please understand that a significant fraction of the checks that CUs run turn up nothing suspicious. If we never made mistakes of that kind, it would be obvious that we were not running enough checks. If you have never used a sockpuppet, then any CU check done on you is of little or no consequence. There is no way that a CU can remember IP addresses, and, as I said, no notes are taken. On the other hand, if you have used sockpuppets, then it is entirely possible that there is a record. That would be appropriate, so that we can check any future suspicious activity.
Also, please remember that while, as required by policy, we guard them very carefully, IP addresses tell very little about users, except for very general location. Mine,, will tell you I am somewhere in Boston*, a metro area of almost 5 million people. It will also tell you that my ISP is Comcast, the largest US ISP, with around 20 million customers. (*note -- about half of the sites say "Boston". The other half say "Newton Centre", which is a suburb of Boston and not where I am.)
Bottom line -- the user who does not abuse multiple accounts has nothing to worry about if a CU check is run on him. .     Jim . . . . (Jameslwoodward) (talk to me) 13:58, 26 July 2014 (UTC)
I am very unhappy with this answer, particularly the qualification "if you have used sockpuppets" as this may include alternative accounts, such as bot accounts, past accounts that are long since retired, or accounts only active on other projects; even declared alternate accounts are often called "sockpuppets". I believe this answer does not represent the intent of the policy on meta, nor policies of this project which have openness and transparency as a core value, only creating exceptions for defined legal issues or matters of understandable privacy.
If a current or past user with CU rights had run CUs on my accounts, I should be able to ask to be actively informed, receive an explanation behind each CU event, and receive copies of any reports that have been retained that are against my account and might be referred to as evidence in the future; by definition they cannot contain material that should be kept private from me. "If you have nothing to hide you have nothing to fear" is NEVER a good response to questions of transparency and the governance of the use of rights that have the potential to infringe on an individual's privacy. I am requesting a report, by confidential email if necessary, if I have ever been subject to CU and copies of whatever analysis has been recorded. In the past I have made a declaration of accounts, I can supply this again if someone is prepared to provide a meaningful report against my request.
My request is within the scope of the meta policy, and amounts to basic transparency to requests like this from long term contributors to Wikimedia projects.
The answer "we only have records for 90 days" is a bit thin, particularly if analysis, deductions or email summaries remain on record, even if these quote no IP address directly. If there is no proactive reporting policy, then the response from users might be to create a list of users that positively ask, every 90 days, for a report of any CUs being run on their accounts. It is not exactly hard for me to set up a bot to do precisely this by posting a request on AN every 3 months. -- (talk) 14:29, 26 July 2014 (UTC)
This comment strikes me as entirely disingenuous. Per COM:CU, sockpuppets are "multiple undisclosed accounts all controlled by the same editor that are used for fraudulent, deceptive, or otherwise disruptive purposes." By definition, then, sockpuppets exclude "bot accounts, past accounts that are long since retired, or accounts only active on other projects" (to say nothing of the fact that this is the Commons and checks performed here only provide information related to account use on the Commons). As this definition also corresponds to the colloquial use of “sockpuppet,” I would expect an experienced user to be well aware that sockpuppet necessarily means a disruptive alternative account, not merely an alternative account.
Your invocation of the meta checkuser policy also appears disingenuous. The policy identifies that "Notification to the account that is checked is permitted but is not mandatory." To somehow contort this into "I should be able ... [to] receive an explanation behind each CU event, and receive copies of any reports that have been retained that are against my account and might be referred to as evidence in the future" is ridiculous for, among other reasons:
  • Notification is not reasonably interpreted also to include explanation and/or copies of reports;
  • Notification is explicitly not mandatory (i.e., it is not a "right"); and
  • Non-mandatory notification, taken in conjunction with "This log is available to those with the checkuser-log permission" implies that log information is not to be disclosed without cause. Indeed, otherwise, one would expect notifications to be mandatory (or at least mandatory upon request) and/or the logs to be public.
That notwithstanding, Jim is correct in that much of the information you've requested is simply not retained. If you have a compelling reason (the aforementioned "cause") to receive notification of whether checks were run on your account, by all means provide it--here or via email--and it will be considered. Эlcobbola talk 15:41, 26 July 2014 (UTC)
Hi Эlcobbola. You have above twice accused me of being disingenuous. I read this as a direct accusation of being deceitful or dishonest. I have no idea why you are jumping to these apparently bad faith conclusions, when I have simply put a request for a answer as to whether I have been subject to Check User and whether any analysis or records of this exist. I am not part of a conspiracy, nor is anyone using me as a proxy to raise this question. With regard to "log information is not to be disclosed without cause", this seems on the surface to be an irrelevant concern for privacy when the person the log information is about is the one asking to know what has been recorded about them and has been accessed by users with CU rights. Asking for copies of the records would seem sufficient cause, indeed under UK law it would be required. -- (talk) 17:27, 26 July 2014 (UTC)
I've said “this comment” and “your invocation” (also a comment) appear disingenuous. You (Fae) are not your comments (“you have above twice accused me"). Sincere people at times make disingenuous statements; insincere people at times make sincere statements. I made and make no comment about you. You may endeavor to read critically before assumptions of bad faith in the future. I wonder why you concern yourself with this distraction instead of providing a reason for requesting private information to which you have no entitlement. You may believe (and may be correct) that it does not conflict your privacy, but it may conflict with the privacy of the user(s) who performed and/or requested the check. Эlcobbola talk 18:00, 26 July 2014 (UTC)
I am not going to continue dwelling on your wording, it is a tangent, however my reading was in simple standard plain English based on standard dictionary definitions of the negative words you chose to apply.
I would like to repeat my request. I believe that CUs have been run on my accounts, neither informing me that this has happened, nor sharing with me the results of any analysis. There can be no possible privacy issues with providing me with the results of CU analysis, as the information would be about me and my accounts, nobody else. This need not compromise the privacy of users who requested checks or performed checks, I have not asked for, nor expect, that information, so this concern is irrelevant.
Further I would like assurance that any future CU on my accounts will result in me being notified, the reasons for the check being conducted and any resulting analysis so that I have the opportunity to refute it if mistakes are being made. I believe that my request should be sufficient grounds to expect a reasonable response, however as it appears from this discussion that Wikimedia Foundation policy forces a situation that a simple user request is insufficient, I can state that I sometimes log in from multiple IP addresses in parallel, use shared IP addresses from time to time, and regularly use multiple browsers and device types to make contributions which will give varied header information and even arbitrarily non-standard header information. I have in the past been falsely accused of internet harassment, which has apparently been conducted by others, who either are deliberately pretending to be me, or are being assumed to be associated with me. In these circumstances it is entirely possible for CU information to be misinterpreted.
I would like as full a set of records as is possible of any private information about my edits used in Check User investigations, to best protect my interests in the long term. -- (talk) 18:29, 26 July 2014 (UTC)
Just a technical comment. Fae, if no negative record is ever kept, how do you expect to get a report? Or do you mean that se should keep all records, including negative ones? I think that may not be acceptable to WMF's privacy conditions, and would be counterproductive for achieving a system with more privacy. That's the point of not keeping a record. Generally, if more records are kept, there are more risks for privacy issues. Regards, Yann (talk) 18:39, 26 July 2014 (UTC)
I have no such expectation, nor have raised this above. If analysis, reports or emails exist on record or in archives, then I would like copies, even if information on other people is redacted. The WMF policy allows for the basic information to be logged of when a CU was done and the reasons for doing it, there is nothing in that policy that says this must not be shared in response to a request for transparency, or that secondary analysis cannot be shared. Specifically the same policy states that information may be shared "with permission of the affected user", in this case I have explicitly given permission to share any information about me, with me.
A minor point of clarity, if no CU has ever been run on me, and there has never been a request, then this should be an easy positive answer to give. If a CU has ever been run, then my understanding of how this works is that current CUs can easily see that it happened in the logs, and any reasons, even if they were not involved or a CU at that past time. -- (talk) 19:01, 26 July 2014 (UTC)

Clarification to CU policyEdit

Hello sorry to ping you, when I was surfing in our Wikimedia project I found this requests for comment. I just wanted to notify that to you in the case you were not aware. @Trijnstel: @Magog the Ogre: @Krd: @Jameslwoodward: @Elcobbola:. Regards, Christian Ferrer (talk) 18:20, 5 August 2017 (UTC)

@Christian Ferrer: thanks for the heads up.   Magog the Ogre (talk) (contribs) 02:22, 6 August 2017 (UTC)
@Christian Ferrer: Thanks, you might want to review Template:Reply to/doc#Multiple recipients.   — Jeff G. ツ 03:06, 6 August 2017 (UTC)

Possible Joe JobsEdit

With reference to INeverCry, I saw damage done through a Wikipedia suspected sock investigation that concluded that accounts confessing to be so-and-so, blocked user, were actually that user. Such a confession is grounds for immediate block, but when it is concluded that this was the blocked user user "confessing," long-term harm can be done. "Duck test" blocks can easily be fake accounts, created to harassed the blocked user. Please be careful! Much less common, but still possible: accounts that use an open proxy or other access that could appear as possible or even confirmed by checkuser. Self-confession does occur, but it should always be viewed with healthy suspicion. For the example of impersonation that I have in mind:

  • 22 June 2017 was filed for actual socking by the user (as admitted off-wiki, for some of the listed accounts, not for others.
  • 19 August 2017. What was called "obvious" had been created by impersonation.
  • On meta, it was shown by steward checkuser that the original SPI filer and all those disruptive socks were the same user. This was actually an LTA -- that is under investigation -- attacking a relatively harmless -- at worst -- enemy.

Please be careful. INeverCry was a long-term, high-contribution user, and should be treated with respect and caution. I hate to see a million-edit user tossed away like a piece of junk. I was no particular friend of INC, but believe that the communities should be careful about extreme reactions. INC should not get a pass, but should be allowed to recover, if he can. His primary account should be allowed Talk page access, unless it is clearly and harmfully abused, and even then, blocks should clearly be accompanied by offers to reinstate editing privileges if errors are admitted. Any blocking admin (latest block) may restore status quo ante without discussion. --Abd (talk) 13:13, 5 October 2017 (UTC)

Return to the project page "Requests for checkuser".