Wikipedia talk:Sockpuppet investigations/Archive 14

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

Notification appears to be discretionary and the template for notification optional but If an editor decides to leave a comment on the talk page of the person for whom a Sock Puppet Investigation has been requested, should that editor mention this in one of the comment sections on the page for the open case in question? That seems appropriate to me, especially if the editor is involved in such a case as Clerk, CheckUser, and/or patrolling admin. Verso.Sciolto (talk) 04:15, 21 January 2014 (UTC)

Why? Anyone who is looking into the case will be aware of it by default.
 — Berean Hunter (talk) 15:44, 21 January 2014 (UTC)

For the same reason links are provided to specific entries / differences from articles, contribution lists and talk pages. Ease of reference and direct access to pertinent materials via one centralised location, for those reading about a case. A note in the comments will provide a link with a timestamp for a notification that may already have been archived. Do not know what you mean by default - there is no reference to such a notification that I can see, not when looking at the list of open investigations nor when looking at the page for a specific investigation either. Verso.Sciolto (talk) 04:29, 22 January 2014 (UTC)

By default, anyone who is looking at the case will have discovered such talk page notices themselves so there would be no need to state the obvious.
 — Berean Hunter (talk) 04:52, 22 January 2014 (UTC)

Thank you for your clarification but I disagree with your assessment. If I had thought it was obvious I wouldn't have left this suggestion. Leaving a notification or comment on a talk page is not the default. Since leaving notifications on the talk pages of editors for whom an investigation has been initiated is not done in all cases, and is in fact strongly discouraged by sock puppet investigators in most cases, a reader can't therefore expect that a comment will always be present on talk pages of those involved. It therefore seems appropriate to me, especially for a Clerk, CheckUser, and/or patrolling admin, to make note in the case record when they have left a comment on the talk page of the person(s) under investigation. A note in the comments for a specific investigation will lead directly to a specific entry in a talk page history/archive and will also inform those who don't have the talk pages on watch that there has been some activity in the public portion of an investigation and it will provide guidance for those who may check a closed case in the future after it has been archived. Verso.Sciolto (talk) 05:34, 22 January 2014 (UTC)

If one suspect a IP user to actually be an user under a different IP number which has also edited the article (without linking the accounts), whats is the appropriate action? Assume that the IP changed from being dynamic and talk to the user on their talk page and try get them to link the account, or is it better to let the administrators take care of it so the user do not feel accused by an other editor? I found that together with identical editing style, the geo-ip resolve to the same location and same ISP. Belorn (talk) 21:48, 27 January 2014 (UTC)

I requested a range block on the IP range (39.32.x.x) used by the LanguageXpert in the last report I filed, but I am not sure if it was done as I still see his IP sock edit warring. This user edits a large number of articles so it is a cumbersome process to request semi-protection of each article separately and presenting a new case every time that is reviewed by a different admin. The issue is actually the edit wars LanguageXpert socks and IP socks get into, on most of the articles it is with Bhural socks (182.x.x.x) and possible meat puppets (41.x.x.x). So can someone please review it. -- SMS ^Talk 05:06, 28 January 2014 (UTC)

Smsarmad, the range he uses is very busy, and far too many innocent editors would be inconvenienced if we blocked it. I'd like to be able to block it, but sadly, it won't be possible. ​—DoRD (talk)​ 13:12, 28 January 2014 (UTC)

Thank you for reviewing it. Seems like the semi-protection is the only way forward. -- SMS ^Talk 18:40, 28 January 2014 (UTC)

Resolved

Wikipedia:Sockpuppet investigations/Leoesb1032 has not been processed in two weeks. Could a checkuser please take a look? Thanks. -- King of ♥ ♦ ♣ ♠ 10:27, 29 January 2014 (UTC)

Just a poke, ACC has 69 waiting requests, if anyone is available. Thanx Mlpearc (open channel) 18:36, 7 February 2014 (UTC)

Hi,
I have recently met a new account which is obviously a sockpuppet. However, connecting the account to a specific sockmaster is difficult because there has been some attempt to conceal the persona (the account is more interested in stalking adversaries than in inserting specific content), so I can see overlaps with two different well-established editors - and I'm sure those two are different people. So, this doesn't quite fit into the standard SPI approach where you name the sockmaster upfront - and I am always wary of falsely accusing people. What's the best approach to take here? bobrayner (talk) 15:01, 15 February 2014 (UTC)

Bobrayner, if you send me an email message with the account name and your suspicions, I'll try to advise you as to how to proceed. ​—DoRD (talk)​ 15:14, 15 February 2014 (UTC)

Thanks. I think there is a storm brewing offsite, and I expect more sockpuppets to appear in the Balkans soon - sorry for keeping you guys so busy! bobrayner (talk) 16:12, 15 February 2014 (UTC)

Any idea what the delay is on getting this one dealt with? Thanks. --JBL (talk) 14:48, 25 February 2014 (UTC)

It looks dealt with now. We're just extremely backlogged. NativeForeigner ^Talk 18:13, 26 February 2014 (UTC)

Yep, thanks! --JBL (talk) 19:53, 26 February 2014 (UTC)

I am a computer science Ph.D. student. Is there a list of sock puppets that have been identified? Srijankedia (talk) 23:42, 26 February 2014 (UTC)

I don't know of any specific list of sockpuppets, but you can find a list of cases here. ​—DoRD (talk)​ 17:32, 1 March 2014 (UTC)

Also, this category is a partial list of sockpuppets. ​—DoRD (talk)​ 17:36, 1 March 2014 (UTC)

The user Shabir ali khan and Shabirdop are indeed the same user-but can't do a report as I don't know who registered first. Wgolf (talk) 06:57, 1 March 2014 (UTC)

Wgolf, Shabirdop was created on 28 August 2012 and Shabir ali khan on 3 January 2014. But have they violated the Sock puppetry policy? -- SMS ^Talk 17:28, 1 March 2014 (UTC)

Thanks-and yes since the user Shabirdrop made a bio page for himself with the name Shabir ali Khan as well as edited that users page. It seems likely. Wgolf (talk) 17:29, 1 March 2014 (UTC)

FYI

You are invited to join the discussion at Wikipedia talk:Sockpuppet investigations/SPI/Administrators instructions#Tagging IPs regarding tagging IPs that are sock puppets.—Bagumba (talk) 07:12, 24 March 2014 (UTC)

Please make sure that there is enough evidence that is clearly outlined before endorsing checks. If the CU has to go reading through the archives or contributions to determine if there is enough evidence, that is not a good use of their time, especially as we are quite short on CUs this week. --Rschen7754 07:35, 25 March 2014 (UTC)

Wikipedia:Sockpuppet investigations/Turgeis/Archive is about copyvio from a book by Charles Esdaile. The latest round of Wikipedia:Sockpuppet investigations/-Ilhador-/Archive is about pushing concepts from the game Europa Universalis into our articles and was seen as overlapping with Turgeis at the time. I can confirm that there is a clear overlap from editors and two IP ranges (at least). Dougweller (talk) 16:14, 30 March 2014 (UTC)

I have seen several requests for CheckUser at SPI declined because the diffs have become "stale". When would a case become "stale" for a CheckUser to make an adequate check? There's been quite the backlog at SPI lately (with some cases unattended for almost two weeks), and what I don't want to have happening is a case to go stale because of it. Thanks, Mz7 (talk) 01:20, 6 April 2014 (UTC)

Generally, data used by CUs is only retained for a few months ("This information is only stored for a short period (currently 3 months), so edits made prior to that will not be shown via CheckUser." - m:CheckUser policy). That's generally what stale means in the CU context.--Bbb23 (talk) 01:31, 6 April 2014 (UTC)

I see. Thanks! Mz7 (talk) 02:17, 6 April 2014 (UTC)

A public record of log-in/log-out times for all registered accounts would be a great tool for sock-hunters. This would discourage socking with proxy servers because SPI clerks could look for any suspicious log-in/log-out behaviors. I.e., Editor A is accused of socking with Sock B, but the log-in record shows that either both were commonly logged-in at the same time or that they were never logged-in at the same time. Editor A logs-in for 15 minutes and makes some edits, then they log out and 2 minutes later Sock B logs-in, causes some disruption, then logs out. Editor A then logs back in and resumes editing. If editors showed a pattern of this it could be one more tool for SPI clerks. Any thoughts? GabeMc ^{(talk|contribs)} 17:32, 4 April 2014 (UTC)

That would have serous privacy issues, and be useless if different browsers are used. Werieth (talk) 17:36, 4 April 2014 (UTC)

Why would there be more privacy issues then keeping a public record of my edits? GabeMc ^{(talk|contribs)} 17:40, 4 April 2014 (UTC)

One can log in and have a profile, preferences and such without ever editing. It also may provide far more detail than editing. A user may login daily, check their watchlist and read stuff, but make only 1 edit per week. The logs of login/logoff would provide a very detailed guide to where the person lives. Also the remember me option would mean that A user could "login" once a month, and never log out. It can also be easily spoofed by using multiple browsers and logging in within seconds of eachother. It would provide very little concrete proof while exposing quite a bit more. Werieth (talk) 17:53, 4 April 2014 (UTC)

I guess you're right, but what about making these available only to SPI clerks and/or CUs? GabeMc ^{(talk|contribs)} 18:00, 4 April 2014 (UTC)

Given how un-reliable and easy to spoof this would be, its useless as a reliable tool. Werieth (talk) 18:15, 4 April 2014 (UTC)

Not completely useless (e.g. for dealing with sockmasters who aren't as...technologically inclined); the results just need to be taken with a grain of salt. I don't know exactly what CUs have access to, but I wouldn't be surprised if they could see this sort of info. 206.117.89.4 (talk) 19:15, 16 April 2014 (UTC)

They cannot. Someguy1221 (talk) 08:53, 18 April 2014 (UTC)

Yep, from my understanding, only stewards who check login.wikimedia.org would be able to see that sort of information. Is that right Rschen7754? Callanecc (talk • contribs • logs) 12:31, 18 April 2014 (UTC)

I'm kind of concerned over the edits by some editors. I've noticed a lot of various different hoax articles about Beyonce, usually under the name "Mrs. Carter". I can't remember all of them, but they've all sort of been along the same lines, such as The Mr. & Mrs. Carter World Tour ‎, The Mrs. Carter Show World Tour starring BEYONCÉ LIVE!, Beyoncé: Mrs. Carter, The Flawless World Tour, and so on. I'm not entirely certain that they're the same person, but I've noticed a specific trend lately and many of them will have the same MO, where they make a few edits, introduce a hoax article about Beyonce and then sort of skedaddle. Other than most of them sharing the term "Mrs. Carter", I'm not entirely sure that they're the same person, so I don't entirely feel comfortable making a SPI about them since I don't really have a lot of tangible proof that they're the same person, especially given that Beyonce is so publicly recognizable and thus likely that several people might want to create a hoax about her. (Which is why I'm not listing their usernames here.) Anyone have any opinion about this? I could swear that there are a few more out there, but I can't for the life of me remember which ones they are. Tokyogirl79 (｡◕‿◕｡) 08:10, 20 April 2014 (UTC)

The worst thing that could happen with a SPI in a case like this is that it is closed as inconclusive. The best thing that could happen is that you've busted up a sockfarm. It seems that you have reasonable cause to file one. If you need help filing it, throw me some names and I'll be happy to volunteer some assistance. Doc talk 09:08, 20 April 2014 (UTC)

• Can do! I'll start compiling a list. I just get this feeling that there's one or two people behind this. Tokyogirl79 (｡◕‿◕｡) 09:15, 20 April 2014 (UTC)

• Actually... upon some really, really deep searching, I think that these might be socks of User:GagsGagsGags, who seems to be the one I was thinking of that was making similar pages. I'll make a page under that username. I have a feeling that they might be the same, so it's a good thing you encouraged me! Tokyogirl79 (｡◕‿◕｡) 09:25, 20 April 2014 (UTC)

Hello, I've found this, but I don't know any edits to prove that it happened. Any suggestions? --NaBUru38 (talk) 00:29, 1 May 2014 (UTC)

Seems fake. I looked at some of the files they show in en-wiki (where they claim to have done this), pt-wiki (which all the shown pages were in), and Commons. No sign of any corporate conspiracy. Given that, I'm not sure of the intent of the video... 206.117.89.5 (talk) 04:08, 2 May 2014 (UTC)

I think the SPI header has a few issues, from where I stand, and I'd like to improve it a little. So this post is to get a bit of feedback on possible changes.

Issues with current page

1. Two key points are bulleted; a third bullet is crucial to state: some evidence must not be posted on public wiki pages. Even good-faith users often don't know.
2. Not clear enough that in most cases behavioral evidence is enough, hence technical is extra. Makes it sound like 2 investigations.
3. Disproportionate space taken for CheckUser info. CU is 1/2 of header - it's both too much, and also still omits key points.
4. Omitted crucial point that sock decisions do NOT mean we magically "know" they are the same, or allege fraud took place - a very common and much-resented complaint we could completely avoid! It means for Wikipedia purposes we treat them as if under common direction
5. Poor/very limited information on basic SPI stuff, mostly left as "look it up" rather than summarized in brief.

We have "open a new case" in a collapse box. Using collapse boxes works well here. I'd like to add 2 more, one about privacy, one about CU, and thenmove most of the CU info to the collapse box, which cuts down the main text and anyone interested in CU can read more below.

Current header

This page is for requesting that we investigate whether two or more Wikipedia accounts are being abusively operated by the same person. Before opening an investigation, you need to have good reason to suspect sock puppetry. Evidence is required. When you open the investigation, you must immediately provide evidence that the suspected sock puppets are connected. The evidence will need to include diffs of edits that suggest the accounts are connected. (This requirement is waived if the edits in question are deleted; in this case just provide the names of the articles that both have been editing.) You must provide this evidence in a clear way. Vaguely worded submissions will not be investigated. You need to actually show why your suspicion that the accounts are connected is reasonable. Investigations are conducted by an administrator, who will compare the accounts' behaviour and determine whether they are probably connected; this is a behavioural evidence investigation. Upon request, investigations can also be conducted by a CheckUser, who can look at the physical location of the accounts (and other technical data) in order to determine how likely it is they are connected; this is a technical evidence investigation. Due to Wikipedia's CheckUser policy, CheckUsers will only conduct a technical investigation if clear, behavioural evidence of sock puppetry is also submitted; if you ask for technical evidence to be looked at but do not provide behavioural evidence, the investigation will not be allowed to proceed. Additionally, CheckUsers will not publicly connect an account with an IP address per the privacy policy except in extremely rare circumstances. How to open an investigation Rest of content here...

Draft rewrite to consider

This page is for requesting that we investigate whether two or more Wikipedia accounts or IPs are being abusively operated by the same person. Before opening an investigation, you need to have good reason to suspect sock puppetry. Evidence is required. When you open the investigation, you must immediately provide evidence that the suspected sock puppets are probably connected. The evidence will need to include diffs of edits that suggest the accounts are connected. (This requirement is waived if the edits in question are deleted; in this case just provide the names of the articles that both have been editing.) You must provide this evidence in a clear way. Vaguely worded beliefs and submissions will not be investigated. You need to actually show why your suspicion that the accounts are connected is reasonable. You should not post personal, private, very sensitive, or off-site material about other editors here, including most off-site communications, social media, and webpages. Some material is permitted if you obtain permission. Please see below if you have useful evidence that isn't from Wikipedia's public pages, or was on Wikipedia but is now deleted, or is very sensitive. Investigations are conducted by an administrator, who will compare the evidence you and others provide, about the accounts' behaviour and editing, to determine whether they are probably connected; we call this behavioural evidence. This is often enough to decide the majority of cases. A decision that socking has occurred does not necessarily mean the editors are "proved" to be the same person (we can't always be sure the exact setup or how many people are typing). It means that for Wikipedia purposes we feel there is quite good evidence that their closely co-ordinated or extremely similar behavior suggest that we apply our policy to treat such accounts and their edits as the work of either the same person, or editing in common by connected or 'recruited' people. In both cases, the result is that sanctions and Wikipedia activities of any one individual operating the accounts, will also affect anyone else who may operate the accounts, and the additional accounts will usually be blocked. In complex or uncertain cases, anyone can ask for additional SPI work to be conducted by a CheckUser, who will look at the physical locations of the accounts (and other technical data) in order to determine how likely it is they are connected; we call this technical evidence. Technical evidence is sometimes helpful when the full extent of abuse is unclear, or where there is good reason to suspect there may be undetected abusive accounts or activity, or when a user may be evading a block. But you need to provide clear, behavioural evidence of possible sock puppetry and also a convincing explanation why a decision based on behavioral evidence might not be enough to resolve the issue, otherwise it won't be looked at. Please see below for more information about asking for technical evidence, and what will (or won't) happen when you ask. Further info: Privacy issues Material that is not already publicly viewable on Wikipedia should not be posted at SPI. Ask to submit it by email instead, if it's necessary. Wikipedia has strict policies about harassment, including public "outing" and "doxing" of editors, even if just to "prove" they are abusing Wikipedia (and even if they posted the material themselves). Generally your SPI evidence should include only pages, diffs, and public log entries, on Wikipedia and its sister sites and public Wikimedia mailing lists only. In particular it must not include: Personal information about an editor beyond that on public Wikipedia pages (such as names and nicknames, identifiers, contact or social media details, real-world information, work information, location data) Communications taking place off Wikipedia's public pages, unless all the parties to the conversation agree you can do so Evidence from third party websites or external organizations Personal information that was once on Wikipedia but is now deleted and not publicly viewable (you can link to the diff though). We are happy to consider such material if it's necessary, and if it clearly shows that serious abuse of Wikipedia editing is probably taking place, but only by email or similar. There are a small number of highly experienced users trusted to make decisions about abuse and violations based on such information. Our policies exist mainly to forbid public disclosure and reduce the risk that private material gets used for harassment, retaliation, and "trolling". So you can ask to submit the evidence - but you must not post it on Wikipedia's webpages. If non-public material may be helpful in a case, or may help to demonstrate someone is abusing Wikipedia, then please don't post at SPI to start with. Instead ask for advice from any CheckUser or email the functionaries team. If they are convinced it's necessary, you will probably be asked to submit the evidence by email to an appropriate user or team instead. Further info: CheckUser and technical evidence Technical evidence is only ever sought in addition to normal behavioral (visible) evidence. It has a very strict privacy policy of its own, so in practice CheckUsers are extremely close mouthed about their detailed examination, do not use the tool unless convinced by the facts of the case that it's appropriate, and disclose publicly as little as they feel able of any private information seen in their examination, in order to prevent abuse and safeguard private information. Normally they will state the accounts shown to be closely enough connected (or operated in concert) to be considered abusive, and any other unknown accounts detected, and little more. In addition, all uses of CheckUser examination tools are logged and are subject to review to confirm there was a good reason to use them. In particular we do not allow CheckUser to be used for mere vague suspicions without real grounds ("fishing"), and CheckUsers will try hard not to disclose or link IPs to users publicly (even abusive users) if it seems the matter can be resolved without doing so. However in serious, continuing, and extreme abuse cases, limited private information such as IP addresses may be permissibly disclosed to editors on our public pages, in order to improve detection and prevention of further abuse. Because editors' privacy is so important to us, technical evidence will only be examined if you provide clear, behavioural evidence of possible sock puppetry and also a convincing explanation why a decision based on behavioral evidence might not be enough to resolve the issue. If you ask for technical evidence to be looked at but do not provide clear behavioural evidence why you think there is a problem, we won't be able to help - you must include reasons and evidence substantiating your concerns. How to open an investigation Rest of content here...

Feedback welcome. FT2 ^{(Talk | email)} 22:11, 3 May 2014 (UTC)

Thank you for thinking of this FT2, but your proposal is making things more complex rather than simpler. The only direction I'm willing to move at this point is "simpler". Risker (talk) 02:57, 4 May 2014 (UTC)

A collapse box labeled "privacy issues" is not going to confuse people. If you believe WP:OUTING matters then you might consider where else a user will learn of this upon visiting SPI, if they visit to report socking based on - unknown to them and apparently quite reasonably - material from a forum or facebook page they follow, or email they saw.

If non-admins can navigate the arcane click-throughs and forms to report a sock and the technical skills to collate diffs and behavioral evidence of socking, I'm sure a collapse box explanation that says "don't post these things on the wiki, report them by email" is valid and pretty darn simple. "Simple" is indeed helpful but so is balance with actual crucial needed-by-visitors information. I'd like to hear from people who aren't admins and CheckUsers first, before judging if we can do better, if that's okay. FT2 ^{(Talk | email)} 12:10, 5 May 2014 (UTC)

To your last sentence: no, I don't think we should. Admins and checkusers are precisely the people that have observed, day in and day out, what works in this process and what does not. AGK [•] 12:24, 8 May 2014 (UTC)

I'm sorry to see that attitude AGK, while you may not be interested in the opinions of mere editors, the community as a whole disagrees. All the best: Rich Farmbrough, 13:47, 8 May 2014 (UTC).

I'm sorry you struggle to understand what I write. I said it is worth hearing from both checkusers and editors. You surely don't propose that checkusers are to be ignored and suppressed, do you? AGK [•] 14:39, 8 May 2014 (UTC)

• Absolutely not. We rewrote the header because it was so full of bloat and poorly-written prose that users of this process were completely ignoring what it said. This proposal completely overturns this effort and puts us back to the days when SPI and SSP were full of complex instructions comprehensible to nobody. TL;DR still counts for something, in our book. AGK [•] 12:22, 8 May 2014 (UTC)
• I'm not sure it's an improvement. I would like something to the effect that checkusers will not checkuser obvious socking, as this is something that has become lost in the last few years. All the best: Rich Farmbrough, 13:49, 8 May 2014 (UTC).
  

  Let me work on an alternative draft for a bit. All the best: Rich Farmbrough, 13:55, 8 May 2014 (UTC).
  

This page is for requesting that we investigate whether two or more Wikipedia accounts or IPs are being abusively operated by the same person. Before opening an investigation, you need to have good reason to suspect abusive sock puppetry. Evidence is required. You must immediately provide evidence that the accounts are probably connected, and being used abusively if so. The evidence will need to include diffs of edits that suggest the accounts are connected. (This requirement is waived if the edits in question are deleted; just provide the names of the relevant pages.) You must provide this evidence clearly. showing why a suspicion that the accounts are connected is reasonable. Private or off-wiki information should be communicated separately - see below. Investigations are conducted by an administrator, who will examine the evidence you and others provide to determine whether they are probably connected, and being used abusively; we call this behavioural evidence. This is often enough to decide the majority of cases. A decision that socking has happened means that for Wikipedia purposes there is good enough evidence of co-ordinated or extremely similar behaviour to apply our sock puppet policy. Consequently sanctions and Wikipedia activities of one account, will affect all accounts. In complex or uncertain cases, anyone can ask for additional SPI work to be conducted by a CheckUser, who gather technical evidence using the CheckUser tool. There will need to be clear, behavioural evidence of possible abusive sock puppetry, but not enough to decide the case. Further info: Privacy issues this section not changed in this draft Further info: CheckUser and technical evidence this section not changed in this draft How to open an investigation Rest of content here...

I have re-drafted the top section of FT2's draft. It is comparable in length with (slightly shorter than) the version we currently use. All the best: Rich Farmbrough, 14:19, 8 May 2014 (UTC).

I submitted a request at 01:17, 1 May 2014‎ and the request was endorsed at 14:02, 5 May 2014‎. And now awaiting a Checkuser. This does not seems to be working properly. Any thought?―― Phoenix7777 (talk) 08:44, 7 May 2014 (UTC)

Either more admins willing to block in more circumstances without CU confirmation but mainly more active CheckUsers. Callanecc (talk • contribs • logs) 14:06, 7 May 2014 (UTC)

Callanecc, what is the process of being approved as a checkuser? Are there still checkuser clerks? Liz ^{Read! Talk!} 22:29, 7 May 2014 (UTC)

We appear to be down a couple of CUs due to RL commitments at the moment. Although Callanecc has been doing the majority of the clerk heavy lifting and Atama has been helping out a lot on the admin side as of late, SPI would certainly benefit from having a few more active clerks and admins. Breakdown:

• 47 cases requiring archiving (handled by clerks or willing admins)
• 4 cases requesting CU (to be reviewed and endorsed/declined by clerks)
• 5 checked cases (requiring follow-up and closure by clerks)
• 26 open cases not requesting CU (can be handled by any willing admin)
• 2 cases requiring further info from OP

Therefore out of 94 cases, only 10 require immediate CU attention. Information regarding Checkuser elections can be found here and information regarding clerking can be found here.--Jezebel'sPonyo^{bons mots} 23:11, 7 May 2014 (UTC)

Thanks for the link, Jezebel'sPonyo. I didn't realize how much of the work here was done by clerks. Liz ^{Read! Talk!} 16:19, 8 May 2014 (UTC)

Article New Relic: http://en.wikipedia.org/w/index.php?title=New_Relic&dir=prev&action=history August 10 2013 to September 10 2013. One suspected Morning277 sockpuppet involved. Account A adds lots of text. Changes lightly with the edit „make more neutral” after it was tagged. Account B removes advertisement tag two days later. Account C (banned: suspected Morning277) „cleans up” to make this version survive? Looks like Wiki-PR coordinated editing to me and matches their silicon valley client preference, too. — Preceding unsigned comment added by 188.104.94.195 (talk) 22:57, 7 May 2014 (UTC)

1. Wikipedia:Sockpuppet investigations/Lilkunta/ I have moved this to Wikipedia:Sockpuppet investigations/Lilkunta. I believe the redirect could be speedied as housekeeping if nothing links there. The investigation shoudl probably be archived as stale
2. Wikipedia:Sockpuppet investigationsAlexBrownGarcia should probably be deleted or hist merged to Wikipedia:Sockpuppet investigations/AlexBrownGarcia and archived
3. Wikipedia:Sockpuppet investigationsChaosname should probably be histmerged to Wikipedia:Sockpuppet investigations/Chaosname and archived
4. Wikipedia:Sockpuppet investigations Gareth Griffith-Jones I have moved to Wikipedia:Sockpuppet investigations/Gareth Griffith-Jones should be archived as stale. It may need a little tidying too.
5. Wikipedia:Sockpuppet investigation/NVanMinh I have moved to Wikipedia:Sockpuppet investigations/NVanMinh. I don't believe any action is required.
6. Wikipedia:Wide surge 7 should probably be histmerged with Wikipedia:Sockpuppet investigations/Wide surge 7 and archived as stale

The following SPI pages are on talk pages, and should probably be histmerged to Wikipedia space and archived as stale.

1. Wikipedia talk:Sockpuppet investigations/Mukukv
2. Wikipedia talk:Sockpuppet investigations/Richard Daft
3. Wikipedia talk:Sockpuppet investigations/Jnc
4. Wikipedia talk:Sockpuppet investigations/Himesh84
5. Wikipedia talk:Sockpuppet investigations/78.144.236.198
6. Wikipedia talk:Sockpuppet investigations/Thesomeone987

The following SPI pages are on talk pages, and should probably be moved to Wikipedia space and archived as stale.

1. Wikipedia talk:Sockpuppet investigations/108.170.85.234
2. Wikipedia talk:Sockpuppet investigations/Mankiw2

I have moved the following page from talk to Wikipedia space. It should probably be simply archived as stale.

1. Wikipedia talk:Sockpuppet investigations/RussellHill 2013

Of course, feel free to revert the page moves I have made if you think it appropriate. All the best: Rich Farmbrough, 21:41, 11 May 2014 (UTC).

This page is a very old draft SPI in user space. I believe we have criteria for speedy deleting this sort of thing. All the best: Rich Farmbrough, 22:16, 11 May 2014 (UTC).

I have blanked the page, which seems both appropriate and sufficient. All the best: Rich Farmbrough, 08:29, 12 May 2014 (UTC).

(ec) Thanks, Rich. I deleted the redirects in the first section. I also deleted one of the cases because there wasn't anything to investigate there. I'll try to do something with the rest of them when I have some spare time. ​—DoRD (talk)​ 22:22, 11 May 2014 (UTC)

I was looking into Danton's Jacobin and the accounts that were accused of being his socks (see Category:Wikipedia sockpuppets of Danton's Jacobin). But I searched the archives and can find no documentation on the investigation that was done. Can you direct me to the correct page? There must be some record, just in case future socks appeared, so they could be added to the report. Liz ^{Read! Talk!} 15:22, 11 May 2014 (UTC)

It doesn't appear that a formal investigation was done, but that isn't particularly unusual. There are is an archived ANI discussion regarding the editor, though. ​—DoRD (talk)​ 22:03, 11 May 2014 (UTC)

I didn't realize that, DoRD. It seems like it would be useful to have a page listing all of the socks, for future reference. Thanks for the link. Liz ^{Read! Talk!} 20:35, 16 May 2014 (UTC)

Ironically, a page listing all the suspected and proven socks is usually not all that helpful at all after a year or so, particularly if it includes IP addresses. As an ever-increasing percentage of non-institutional IPs are dynamic, and the geographic ranges covered by IP ranges expands in many countries (US and UK in particular), it is rare that a non-institutional IP address is not reassigned at least every few months. I really wish people would stop including IP addresses in the "Category:Socks of xxxx" pages, and would love to see someone come up with a bot to remove the tags and categorizations from IP user pages after, say, six months. By that time, even when it's an institutional, truly static IP, it is almost guaranteed that if someone is editing from that IP, it is not the person who caused the trouble. Risker (talk) 03:09, 21 May 2014 (UTC)

That's been tried recently (a bot IP sock tag remover), and it was met with some... resistance.[1] It would probably take a RfC to approve such a thing. I know I'd oppose it again: as it would remove my ability to track pests like Sven70 (talk · contribs), who only uses IPs now and was recently active using an IP that only he has used since October of last year with 163.32.124.125 (talk · contribs) Doc talk 03:50, 21 May 2014 (UTC)

Of course we are short of people to run such bots. A related (and consensus) proposal (old IP warning) struggled to find an implementer at BOtreq recently. All the best: Rich Farmbrough, 03:39, 22 May 2014 (UTC).

The existing table has some odd entries for status, that actually reflect an action taken for example close. Also run-together statuses like cudeclined and cumoreinfo. I propose the following status strings.

• Declined
• Declined (CU)
• Endorsed
• On hold
• On hold (CU)
• Requires more info
• Requires more info (CU)
• In progress
• Relisted
• Completed
• Closed
• Awaiting checkuser
• Awaiting administrator
• Open

These are implemented in {{SPIstatusentry/sandbox}} and an example is at Template:SPIstatusentry/testcases. I also propose to ask Amalthea to use the phrase "Time stamp" for the time columns instead of "timestamp".

All the best: Rich Farmbrough, 22:13, 21 May 2014 (UTC).

Just as a summary, what would the difference be in terms of viewing the table on the main SPI page? Callanecc (talk • contribs • logs) 08:09, 22 May 2014 (UTC)

The entries in the "status" column would be made of real English words, with spaces in between them, that reflect the status. All the best: Rich Farmbrough, 13:07, 22 May 2014 (UTC).

Thanks just wanted to check that that's all would change. Sounds like a good idea. Callanecc (talk • contribs • logs) 13:12, 22 May 2014 (UTC)

As I have been used to the existing statuses for a long time, and so have the other checkusers and the SPI clerks and sysops, I oppose removing them (if that is what is proposed here). Otherwise, more failsafes are always a good thing. AGK [•] 14:47, 22 May 2014 (UTC)

As long as the current parameters are grandfathered in I don't have a problem. Callanecc (talk • contribs • logs) 15:06, 22 May 2014 (UTC)

It doesn't affect what you put in the SPI reports at all, it simply makes the table more readable. All the best: Rich Farmbrough, 16:01, 22 May 2014 (UTC).

By resolution of the committee, our rules and internal procedures are currently being reviewed with the community. You are very welcome to participate at WT:AC/PRR. Information on the review is at WP:AC/PRR. The current phase of the review is examining the committee's procedures concerning advanced permissions (and the appointment and regulation of permissions holders). AGK [•] 11:22, 24 May 2014 (UTC)

Participate in this review

A request for checkuser was declined at Wikipedia:Sockpuppet investigations/ChildofMidnight, with the CU in question saying that it would have to be determined by behavior. How long does one of these generally go on? I can't remember previously participating in a behavior-based SPI, so I'm not clear if it will go for several days until a time limit, or if it's eligible to be closed now, or if it will keep going until an uninvolved admin comes along to close it. Nyttend (talk) 00:58, 24 May 2014 (UTC)

• All SPI cases are behavioral based, actually. Even with CU, you have to pin behavior, not just technical link. The problem is that this is a very complicated case involving two accounts with 25k plus edits. I looked at it myself, but I'm not fully objective here. The behavioral work doesn't require a CU or clerk. Any admin (or multiple) can and if they find a link, make the block. Or pipe in and say "I don't think they are linked" if that is the case. Dennis Brown | 2¢ | WER 01:06, 24 May 2014 (UTC)
  • You can have all the "behavioral evidence" in the world, but if the sockmaster knows how to use proxy servers – like all the good ones do – you are just wasting your time with SPI and CU. GabeMc ^{(talk|contribs)} 22:12, 25 May 2014 (UTC)
    • Not really relevant. With blocks to names, admin don't know the underlying IP, and regular IP addresses are easier to get than open proxies. If a CU finds an open proxy (or an admin if the user is editing as an IP) then the proxy server is blocked for a year. If the behavior clearly matches, they are blocked, regardless of whether they use a proxy or not. Dennis Brown | 2¢ | WER 22:20, 25 May 2014 (UTC)

I have unblanked this page - the page is of interest, NOINDEXED and in an archive with a label saying "beware of the tiger". Another level of indirection does not help WP:DENY, it merely shows we are according the editor special attention. Moreover it is an invitation to fall into NPA traps. Describing an editor as "a minor banned, abusive user." is pretty silly on several levels. First it is engaging with the user. Secondly "minor" is calculated insult to the user, especially coming from an editor with less than 3% of the article edits. Thirdly calling them "abusive" is not helpful - we look to the archive for that information, not a blanking notice. Fourthly the status of the user (blocked, banned, in good standing) is dynamic, and documenting it in a blanking message smacks of personal involvement. All the best: Rich Farmbrough, 16:47, 16 May 2014 (UTC).

I have once again reverted a user blanking this page. I can see no consensus that archives should be blanked, except (rarely) as courtesy, and, as far as I know (and I have checked the current version of all archives,as of yesterday) we have never blanked per WP:DENY. The implications of such a new procedure are far reaching, and should we decide to go down that route, a full community discussion is probably required. Is there any support here for the concept of blanking, per DENY, or is the archiving (which, if I remember correctly, became universal at least partly for DENY reasons) sufficient. All the best: Rich Farmbrough, 10:54, 18 May 2014 (UTC).

You clearly require a review of WP:BRD, because you quite obviously misunderstand it. When your Bold edit has been Reverted by another editor, the next step, if you continue to think the edit is necessary, is for you to Discuss it on the article talk page, not to re-revert it, which is what you did, and which is the first step to edit warring. During the discussion, the article remains in the status quo ante, which is what I returned it to. Your additional revert is yet another step into edit warring. BRD puts the onus on you to start the discussion and to build a consensus for the version you prefer. Thanks, BMK (talk) 11:10, 18 May 2014 (UTC)

Hmm. The real Bold edit was here.[2] The Revert of that bold edit here was supposed to lead to the Discussion, but it was just Reverted again less than an hour later without any explanation or discussion. DENY is not in itself a good enough reason to claim that the edit should stand without any further discussion, or that the revert becomes the "B" because some time has passed before the revert. Edit warring does not help either. Doc talk 11:40, 18 May 2014 (UTC)

Yes, Rich's action was the Revert not the Bold. It shouldn't have been rereverted without discussion. Liz ^{Read! Talk!} 14:52, 18 May 2014 (UTC)

There is certainly a "temporal" gray area when it comes to BRD and a previous status quo consensus. There's additionally the IAR factor in this case regarding DENY. IMHO, the BRD cycle on any page begins with the bold edit that changes the previous status quo consensus. Now, if an editor who legitimately objects to such an edit (a very key point) does not catch this bold edit "in time", and reverts it later, it's still just a revert; and not the starting point of the BRD cycle. To revert the revert of the bold edit without discussion, as was done in this case, is not quite in the spirit of BRD or consensus-building. Doc talk 02:43, 19 May 2014 (UTC)

I can't think of any other time for a user like this that blanking is used so the full history should definitely be restored. In my opinion BMK is out of line to blank the page without discussion or at least checking with a clerk or CU first. Callanecc (talk • contribs • logs) 07:47, 19 May 2014 (UTC)

It's quite forgivable from BMK, a hapless non-admin like myself. And it's also very forgivable from AGK. But as a admin and checkuser, AGK could best explain how DENY should trump consensus on this one. Doc talk 10:31, 19 May 2014 (UTC)

I missed those edits from AGK, sorry BMK. This doesn't seem to be an appropriate use of rollback so an explanation would be even more necessary I think. Callanecc (talk • contribs • logs) 11:34, 19 May 2014 (UTC)

I checked that policy before rollbacking, and used it at the SPI in question under the provision for edits "by a misguided editor … provided that an explanation is supplied in an appropriate location, such as at the relevant talk page". Checking again, I see that that provision is reserved only for "widespread edits", which I confess is news to me. In any case, yes, an explanation is necessary: although I immediately commented at length on the talk page, I should have pointed to my comments in an edit summary before doing so. Sorry if my edit confused anyone. Thanks for your question and for pinging my talk page. AGK [•] 11:22, 20 May 2014 (UTC)

So, then, what do people propose to do now? There is a closed SPI page for Kumioko, but any attempt to archive it right now would just mess up the archive page. I'm inclined to support restoring the archive page's content, and if edit warring continues, protect the archive page indefinitely against edits by non-admins. Comments? — Richwales (no relation to Jimbo) 21:09, 22 May 2014 (UTC)

@Richwales: There seems to be consensus to restore the content. I doubt either of those who want it blanked would be foolish enough to re-blank it at this stage, and one of them is an admin anyway, so I see no point protecting it. All the best: Rich Farmbrough, 19:17, 26 May 2014 (UTC).

I propose to unblank the Kumioko archive page (restoring its pre-blanked content). The page is currently unprotected (the full protection expired a little over a day ago), and I propose to keep it unprotected (for the time being at least). Does anyone object to my doing this? — Richwales (no relation to Jimbo) 03:20, 27 May 2014 (UTC)

Just do it. Doc talk 05:23, 27 May 2014 (UTC)

 Done. AGK [•] 06:53, 27 May 2014 (UTC)

Hello everyone.

Due to the frequent backlogs that arise here, which are caused by people filing requests that do not include the required evidence, we will be enforcing the requirements for checks appropriately. This means that all requests for checkuser need:

1. At least one diff is from the sockmaster (or an account already blocked as a confirmed sockpuppet of the sockmaster), showing the behaviour characteristic of the sockmaster.
2. At least one diff per suspected sockpuppet, showing the suspected sockpuppet emulating the behaviour of the sockmaster given in the first diff.
3. In situations where it is not immediately obvious from the diffs what the characteristic behaviour is, a short explanation must be provided. Around one sentence is enough for this.

So that's at least as many diffs as accounts, and around one sentence of prose. That's all. If you cannot provide diffs for some reason (e.g. the relevant edits are deleted and you're not an admin), explain why so that we know. Any requests not meeting this format will be summarily declined until such time that this evidence is provided, even if a clerk has endorsed it, as clerk endorsements do not negate the need to provide evidence.

Thank you.

--(ʞɿɐʇ) ɐuɐʞsǝp 03:22, 20 May 2014 (UTC)

What does "requests or checkuser" mean? Does it mean that you'll be strictly enforcing the requirements for both checkuser requests and non-checkuser SPI reports, or was this a typo for "requests for checkuser"? —Psychonaut (talk) 21:11, 20 May 2014 (UTC)

It would be the latter.--Jezebel'sPonyo^{bons mots} 21:17, 20 May 2014 (UTC)

Sorry, that was a typo. I've fixed it. --(ʞɿɐʇ) ɐuɐʞsǝp 00:13, 21 May 2014 (UTC)

Notification of accused users

• As a note, I'd like to also see evidence, at least on initial SPI, that the users involved have been notified and provided with a link to the SPI. Risker (talk) 05:27, 21 May 2014 (UTC)

• Users should rarely, if ever, be notified of SPI investigations. Amplifies the drama and does nothing to help resolve the investigation.—Kww(talk) 05:42, 21 May 2014 (UTC)

I dunno. I've been doing a fair number of SPIs in the past several months, and there were several occasions where the basis for accusation was shaky at best. It's not to the project's benefit that "experienced" users can bring their opponents here to this little hidden location, and start brandishing "suspected sockpuppet" tags on some occasions; that's every bit as dramatic. It's really not that hard to come up with diffs that show two accounts are "editing the same" on any reasonably active article, sufficient to meet the minimal criteria as described by Deskana. Risker (talk) 06:08, 21 May 2014 (UTC)

I didn't oppose diffs, but I certainly oppose routine notification. An accusation with a shaky basis should fail whether the accused is notified or not.—Kww(talk) 06:22, 21 May 2014 (UTC)

Required notification? I'd certainly oppose that. Our guidance is "(Notification is courteous but isn’t mandatory, and in some cases it may be sub-optimal. Use your best judgement.)" - if it can be sub-optimal it shouldn't be required. I agree that we generally need diffs, although there will always be exceptional circumstances where that's not possible or even perhaps desirable. Dougweller (talk) 13:44, 21 May 2014 (UTC)

Risker's "initial SPI" qualification is key. It should take exceptional circumstances for notification not to occur for the initial SPI. --NeilN ^{talk to me} 14:14, 21 May 2014 (UTC)

Nope, not even then. —Kww(talk) 14:22, 21 May 2014 (UTC)

I don't think forced notification is a good idea at all. Typically, clerks or admin are able to quickly throw out the obviously bad faith stuff and delete the page. Having the person there just asks for more drama. Dennis Brown | 2¢ | WER 18:05, 21 May 2014 (UTC)

Hm... I agree that it would be cool if a bad faith nom was rejected without the victim having to even know about it. But on the other hand having a consensus form before the victim can respond can lead to bad things happening. The IP that appeared to sign his posts with the user name of a suspected sock just a few days ago is a case in point. If I hadn't happened across it it might have been a behavioural shoe-in. The IP should certainly have had the chance to explain.

We require notification in most places where an actionable complaint can be made, why not here? All the best: Rich Farmbrough, 18:46, 21 May 2014 (UTC).

When this topic was raised at AN, my response was: "Mandatory notification of SPI listings is akin to waving a red cape in front of a bull. The disruption a group of socks can generate in an investigation is a time-suck for clerks and CUs and only serves to provide the attention some of the sock masters crave. Will some socks show up at an SPI regardless of notification? Yes. Should we invite them there? No. Editors opening cases are given the latitude to use their best judgement to decide whether informing the potential socks of an open case is prudent. Making it mandatory only serves to add more bureaucracy to an already complicated process with minimal benefit and possible detriment. Would editors requesting CU assistance via IRC or email also be required to provide a mandatory notice to the suspected sock/master? The modus operandi of sockpuppeting is subterfuge, yet you are endorsing shining as much light as possible on those trying to limit the disruption quickly and quietly. If it's not apparent, I would oppose any mandatory notification." My opinion on the matter hasn't changed.--Jezebel'sPonyo^{bons mots} 18:52, 21 May 2014 (UTC)

Rich Farmbrough, accidental logout edits are pretty easy to spot and any admin would close the case quickly. That isn't socking. If user Bob1 is edit warring and gets blocked, then a new user Bob2 shows up and picks up where Bob1 left off, then an explanation isn't really required or even helpful, and only serves to slow down or add drama to the process. Most socking abuse is so obviously damaging that no explanation is needed. Other cases, a clerk will notify the user and ask for an explanation, maybe it was an ugly freshstart, etc. When I clerked, I notified the accused from time to time, other clerks do as well. You have to rely on admin and clerks using good judgement. Same for editors when they make the report. In the end, it is easier to figure out that someone is innocent if there isn't 10 pages of back and forth bickering and drama on the page, and the environment is calm. What you don't want is for SPI to look like ANI, but with CUs. Dennis Brown | 2¢ | WER 21:07, 21 May 2014 (UTC)

• The case in question wasn't editing logged out, it was actually a cut and paste, that was misinterpreted. Wikipedia:Sockpuppet_investigations/Eracekat/Archive Both the reporting editor and the clerk who endorsed are respected, intelligent and experienced. Of course my intervention made little effective difference, just saved an out of process check-user from being done, but it does show that there exist good faith, superficially convincing cases which the "accused" could quash with a word.
• Your arguments about drama etc. are well founded. They apply equally well to AN/I though.
• I am against making anything compulsory - but traditionally the community has always opted for notification on this type of board. We do have Echo now which renders the "bureaucracy" argument moot.

All the best: Rich Farmbrough, 21:56, 21 May 2014 (UTC).

I don't think Echo is triggered by opening an SPI. AGK [•] 14:45, 22 May 2014 (UTC)

I was surprised to see the IP added. I didn't want to remove it but should have commented. Rich Farmbrough, I appreciate your comments there and your kind words about me above. But I agree strongly with Dennis's post above. Dougweller (talk) 16:07, 22 May 2014 (UTC)

If the {{Checkuser}} template is used it does the trick the way we have default echo set up for new accounts (see picture). All the best: Rich Farmbrough, 18:20, 22 May 2014 (UTC).

Echo notifications aren't triggered due to the signature requirement and how the Echo parser works. Legoktm (talk) 09:13, 27 May 2014 (UTC)

Can you explain that in more detail? This edit successfully alerted me, and most SPI's are signed. All the best: Rich Farmbrough, 12:05, 27 May 2014 (UTC).

It depends on how you sign it. The default SPI template should not trigger notifications last I checked. Legoktm (talk) 19:16, 27 May 2014 (UTC)

Every time an SPI is filed it empowers the sockmasters by teaching them what sock hunters look for. Indopug recently opened an SPI that included no evidence, so AGK closed it summarily. Indopug was; however, correct that the user was a likely sock, and in fact anyone familiar with this SM knows what to look for even if others, like AGK, do not.

Maybe Wikipedia should consider a new approach. What if we designated a class of admins as "sock hunters". Editors could e-mail the SH with evidence, and when the SH feels that a case is strong enough they request a CU. This would eliminate the SPI "training course" that does little more than teack them how to not get caught. SPI also seems to violate the principle of WP:DENY, since the attention that they gain through SPI might even encourage their behaviours. Any thoughts? GabeMc ^{(talk|contribs)} 19:38, 25 May 2014 (UTC)

• Sounds like a great way to create superadmin with no oversight that can block anyone without proving anything ;) But seriously, most of the real connection methods are kept secret, the investigation shows only the most obvious stuff. Clerks and admins discuss cases offwiki and don't disclose their more fancy methods here, only enough to establish a link. WP:ADMINACCT kind of requires that enough info is provided to show they are linked. Accountability is more important than any single sock. As for CUs, they quietly make blocks all the time, but they have oversight from Arb and are held to a pretty strict standard for using the CU tool. Because they can connect names and IPs with the tools, WP:OUTING demands they do some things quietly. I think the main problem is a shortage of people patrolling rather than methods. Of course, that is just my singular take. Others may feel differently.Dennis Brown | 2¢ | WER 20:52, 25 May 2014 (UTC)

Well, admins already block without reason or explanation and without concern for recourse, of which there is none, and this is beyond one person and one sock. MrWallace05 has been disrupting the project under various forms for more than two years. But, there is always someone to say that everything here is good and fine and nothing needs improvement. Here's to protecting the disruptive vandals and making good-faith editors "deal with it". GabeMc ^{(talk|contribs)} 21:14, 25 May 2014 (UTC)

Of course there is recourse and accountability, as imperfect as it is via WP:AN and WP:ADMINACCT. And your characterization of my reply is inaccurate. Dennis Brown | 2¢ | WER 22:22, 25 May 2014 (UTC)

I didn't mean to misrepresent you, Dennis, but you seem to have taken up the role of "Defender of the Status Quo". Dennis, can you link me to the most recent example/s where an admin was held accountable – at AN – for a bad block? GabeMc ^{(talk|contribs)} 22:26, 25 May 2014 (UTC)

Yes, Dangerous Panda about two weeks ago, the editor was unblocked. Other issues regarding admin acct. have been debated around here over the last week. These happen regularly. You are the only person that has ever called me a "defender of the status quo", it's kind of funny actually, but I don't want to labor the details. I want more change than you can imagine, but having admin operate in even more secrecy isn't the best option. Having more CUs and more admin working SPI would mean faster reaction time, and that discourages socking. Dennis Brown | 2¢ | WER 22:44, 25 May 2014 (UTC)

Granting an unblock is not at all the same as holding the admin accountable. You bailed on the admin reform right as it was taking shape; what "reforms" have you worked on since then? This isn't about you, but it must have been nice to work on Wikipedia before so many entrenched attitudes made change virtually impossible. AGK could have trusted Indopug and looked into it - they didn't even request a CU, but essentially at SPI the filer is treated with disdain and mocked for being embarrassingly wrong until they are proven not wrong, when I'll bet 80% or more of the accounts that are brought here are in fact socks. FTR, I've identified at least 20 socks that were eventually proven, but nobody believed me until other people proved it. I've never had one successful SPI, but I've only been wrong a couple of times. I knew MrWallace05 was a sock/sockmaster after their 5th day editing, but nobody believed me and SPI is too discouraging to bother with most of the time. GabeMc ^{(talk|contribs)} 23:00, 25 May 2014 (UTC)

I didn't "bail", the community didn't approve of the policy and after months of no interest to implement it, I marked it as historical. Actually, I've had dozens of conversations offwiki on that very subject, and dozens onwiki as well, so it wouldn't be accurate to say I've given up on it. As for AGK "trusting" someone and running a CU....policy doesn't allow that, it is flatly forbidden to run a CU without a threshold being met, and it is up to YOU to provide the links to meet that threshold. As for rude, I didn't see a link but that isn't really the point here. While I don't work as a clerk anymore, I did for over a year and have way over 1000 sock blocks, so I'm moderately familiar with the process. I have had several CUs refuse my for checkuser until I provided better info, via two links. I also understand the restrictions they have to operate under, which are there for a reason, although I would love to see CU have just a bit more flexibility to check users. Right now they don't and they must follow existing policy. If you KNOW the sockmaster, of course you are more likely to see the sock before an admin or CU, but it is up to you to provide evidence. We can NOT just block because we "trust you", it will never happen, and any admin that did that regularly would be bit stripped. Honestly, if you want changes, complaining here won't get you anywhere. You need to change the policies that regulate what happens at SPI. CUs, clerks and admin simply follow them. And again, the biggest problem is a lack of manpower. Dennis Brown | 2¢ | WER 23:12, 25 May 2014 (UTC)

Seemed like there was plenty of interest, but you wouldn't budge from requiring three admins to certify the complaint, and that's what killed the policy, naturally. I never said AGK should have jumped to a CU or a block; Indopug didn't even request one, but is CU really the only tool at AGK's disposal? How did I know that Mrwallace was a sockmaster after 5 days if my instincts are bad? There is a level of familiarity that ones gets when they regularly interact with a personality for more than two years, but that's not evidence, which is time consuming to gather and present, especially when its usually unimpressive to clerks. At any rate, Indopug disclosed how he knew this was a MW sock, so he was CUed and there is something rotten in Denmark, confirming that Indopug's instincts are good enough to be trusted. Also, SPI is a stage for these clowns; you seem to forget that they might enjoy this attention. GabeMc ^{(talk|contribs)} 23:29, 25 May 2014 (UTC)

This isn't the right place to debate it, but that isn't accurate. The current version doesn't reflect that as well. I'm also not the only person who wrote that policy, so there is more than meets the eye. Dennis Brown | 2¢ | WER 15:02, 26 May 2014 (UTC)

GabeMc, if an editor finds a suspected sockpuppet, but doesn't want to divulge too much information, they are always welcome to email an individual SPI clerk or active CheckUser. ​—DoRD (talk)​ 16:08, 26 May 2014 (UTC)

Right you are; I agree. I guess my point here is that maybe all such communications should be private and the drama board of SPI closed to the general public. I can see several good reasons why this is not feasible, but after 4 years watching SPI I think it little more than a stage for attention and a training ground on how to not get caught. GabeMc ^{(talk|contribs)} 16:11, 26 May 2014 (UTC)

WP:BEANS is certainly a valid point. But I don't like private accusations with no right to reply. I don't see SPI as a drama board. It would be interesting to compile some statistics on how many contributors there are to the average SPI, in the "other editors" section. All the best: Rich Farmbrough, 21:00, 26 May 2014 (UTC).

In terms of Wikipedia:Deny recognition, SPI is a disaster. GabeMc ^{(talk|contribs)} 21:07, 26 May 2014 (UTC)

Just to chime in as an inactive clerk. There may be a centralized mailing list for CUs to discuss but clerks don't (or at least I'm aware of). OhanaUnited^{Talk page} 22:36, 26 May 2014 (UTC)

Another idea that would help combat socks editing via proxy is to ask the Wikimedia foundation to purchase subscriptions to corporate proxy services for use by CUers and anti-vandalism editors. These editors could then log-in to the proxy servers and determine exactly which IPs they make available and then block those IPs. Any thoughts GabeMc ^{(talk|contribs)} 16:29, 26 May 2014 (UTC)

Paid proxy services account for a small fraction of the abuse we see. User:ProcseeBot blocks some open proxies, but there are many more out there that we don't see until abuse occurs. ​—DoRD (talk)​ 16:44, 26 May 2014 (UTC)

I'm not sure that's accurate, DoRD. Have you ever tried getting on Wikipedia with a free proxy versus a paid one? There are very few workable free proxies and numerous paid ones that work. GabeMc ^{(talk|contribs)} 16:46, 26 May 2014 (UTC)

If the paid proxy isn't open, then there isn't a problem. We don't prohibit closed proxies, they are perfectly legitimate. Also note that running nmap to test open servers is legal grey area in the US. Some jurisdictions will flatly call it "cyber attack", so the Foundation won't endorse it and all CUs/Clerks/Admin do so at their own risk. Dennis Brown | 2¢ | WER 16:51, 26 May 2014 (UTC)

Wow, I'm so surprised to hear you say that there is absolutely nothing to be done with open proxies; what a surprise! Are you seriously saying that if an admin went to hidemyass.com and blocked some of the 78,000 available IPs the company would see that as a cyber-attack and sue the Wikifoundation? Are you serious? GabeMc ^{(talk|contribs)} 16:58, 26 May 2014 (UTC)

That's not at all what he's saying. Nmap is a tool to scan IP addresses, and as Dennis said, its use can be seen as a cyber attack. ​—DoRD (talk)​ 17:02, 26 May 2014 (UTC)

Okay, but what does nmap have to do with buying subscriptions to open proxy services? I never mentioned nmap, all I said was get a subscription to these services and block the IP addys they make available. GabeMc ^{(talk|contribs)} 17:08, 26 May 2014 (UTC)

Again, paid proxy services are not the problem, and paid proxies are not the same as open proxies. ​—DoRD (talk)​ 17:10, 26 May 2014 (UTC)

Is it at all possible that you are at least slightly wrong about that? Have you ever tried socking on free proxies? Aren't some paid proxies also open? Define open. GabeMc ^{(talk|contribs)} 17:12, 26 May 2014 (UTC)

Paid proxies are by definition closed. There is no such thing as a paid open proxy. Open means anyone can use, without registering, just point your browser to that port and use. Closed proxies (paid or free) require registration and signing in. They are perfectly legal here. As for "open" proxies, I have written some scripts specifically to identify them, and run that on remote servers, to isolate my location, so I'm familiar with how to catch them. Trying to test massive numbers of IPs would be considered an attack by that ISP, however, as you would be hammering 100s of thousands of ports on their networks. You don't really test for one until there is abuse. Dennis Brown | 2¢ | WER 17:20, 26 May 2014 (UTC)

(ec) Really? I run several hundred checks every month, so I do think I am more familiar with the sources of abuse than you apparently think I am. Also, please see Open proxy. ​—DoRD (talk)​ 17:22, 26 May 2014 (UTC)

Well, I meant no disrespect, DoRD, but I think paid proxies are more common on Wikipedia than you do, but as Dennis points out, there is nothing against operating dozens of paid proxy accounts, so once again we are back to "everything is fine the way it is, and no improvements are needed", otherwise known as stock admin response #142. GabeMc ^{(talk|contribs)} 17:36, 26 May 2014 (UTC)

@GabeMc: Im a non-admin, and would have to agree with DoRD and others. Most sockmasters are not willing to pay for access to an IP that will be blocked rather quickly. As for proxies, paying for the needed information wont get you much, at best you will get a couple percentage points of the total proxies and be out a large amount of money. Given any halfway competent CU, which I happen to be on a different wiki, spotting these are easy and quickly handled if there is any evidence to go on. Second mass CU would probably violate our privacy policy. If you really wanted to end socking the method would be to use two factor authentication tied to a phone number. Anything short of that isnt going to be 100% effective. And given the standard Cost/benefit analysis your suggestions are not a good idea. Werieth (talk) 17:46, 26 May 2014 (UTC)

Actually, it is discussed regularly, including from CU to other CUs (you and I don't see those discussions) and between CUs and clerk, offwiki (at least it was when I was a clerk). This falls under the WP:DENY you mentioned earlier. Just because you don't see the discussions, don't think it isn't being debated and discussed constantly. Some people live in countries where they must use a proxy or they can't edit at all, at risk of breaking the law. Keep that in mind. Even my office uses a closed proxy that I edit from daily. If a paid proxy poses problems, it IS blocked, btw. Dennis Brown | 2¢ | WER 17:39, 26 May 2014 (UTC)

In reality, editing from a paid proxy service is no more abuse than editing from a residential ISP is. We do see some abuse from paid proxy services and web hosting providers, but the overwhelming majority of socks are seen on residential ISPs and mobile broadband providers. ​—DoRD (talk)​ 17:46, 26 May 2014 (UTC)

Why is it against policy to edit from a free proxy, but not a paid one? What's the substantive difference regarding our guidelines? GabeMc ^{(talk|contribs)} 17:49, 26 May 2014 (UTC)

Please read open proxy and WP:NOP. Free is not the same as open. ​—DoRD (talk)​ 17:52, 26 May 2014 (UTC)

I did read them, but I still don't see what the substantive difference is. If its okay to edit Wikipedia with a proxy, then why is it not okay if the proxy is free? GabeMc ^{(talk|contribs)} 17:54, 26 May 2014 (UTC)

The price is meaningless, what really matters is "open" or "closed". Open and closed are technical means of access and availability, price isn't. Dennis Brown | 2¢ | WER 17:58, 26 May 2014 (UTC)

Okay, so free = open, but paid does not = closed, right? But if paid is always okay, then when is paid also open, which is never okay? GabeMc ^{(talk|contribs)} 18:04, 26 May 2014 (UTC)

"Closed = registered persons can use it after signing in (pay or free like in an office)" and "Open = anyone on the internet can instantly use it, always free". Again, forget money, the key is "open" and "closed". You won't find "Paid but open" because you can't enforce pay if you are open. Dennis Brown | 2¢ | WER 18:18, 26 May 2014 (UTC)

Interesting discussion. I think what Gabe is getting at is (and he can correct me if I'm wrong): what inherently makes open proxies more liable to abuse than closed proxies, such that we forbid the one and allow the other? I don't know the answer to that question, but I'm sure someone does. Evan ^{(talk|contribs)} 18:45, 26 May 2014 (UTC)

Right you are, Evan. What is inherently disruptive about open proxies? I could vandalise from an open proxy or a closed one, so why are open ones considered blockable, but closed ones not – at least not until they are abused? I love the privacy dance though; its amusing how we bend over backwards to "protect" privacy but allow IPs to edit as a guiding principle of the project. GabeMc ^{(talk|contribs)} 19:24, 26 May 2014 (UTC)

The issue with open proxies is their ease of abuse. Open proxies by pure definition are not bad, however since there is no barrier to use (IE register or pay for) the amount of anonymous abuse is far higher. The NOP practice only became an issue with the level of abuse coming from it. Its similar to the TOR case, Once the level of abuse reaches above a level it becomes problematic, and needs addressed. That ratio of use to abuse on closed proxies is far far less. If the level of abuse from those becomes an issue then it will be addressed. Reminds me of how we use protection on our articles, we dont mass protect them to avoid issues, we apply it on an as needed basis when the issue comes up. If a user chooses to edit as an IP they know what privacy they have and what they are giving up. As a registered user I expect that my IP information isnt exposed and access to it is on a very limited need based system. A CU cannot just randomly CU me and get my IP address, doing that may reveal information about myself that I have made a point as a user not to expose. As for IP editors, quite a few of our articles and a good chunk of the content is written by them. Werieth (talk) 21:05, 26 May 2014 (UTC)

Another is a question of accountability. If someone is running a for-pay proxy and we report abuse, they can kick that user off their network for violating the TOS. With an open proxy, there is no accountability. Edits are hit and run. That is one reason you see more abuse from them. Dennis Brown | 2¢ | WER 14:31, 27 May 2014 (UTC)

And a question I have: where do Tor nodes fit into this picture? They don't require registration, but they do require a software download and install. How does the distinction between "open" and "closed" make a practical difference? I'm not saying it doesn't; just asking how. Evan ^{(talk|contribs)} 18:47, 26 May 2014 (UTC)