Wikipedia talk:Harassment/Archive 11

Archive 5

←

Archive 9

Archive 10

Archive 11

Archive 12

Archive 13

→

Archive 15

Need for a better mechanism for private reporting

I take note of this existing language in the outing policy: Nothing in this policy prohibits the emailing of personal information about editors to individual administrators, functionaries, or arbitrators, or to the Wikimedia Foundation, when doing so is necessary to report violations of confidentiality-sensitive policies (such as conflict-of-interest or paid editing, harassment, or violations of the child-protection policy). Only the minimum information necessary should be conveyed and the minimum number of people contacted.

To some extent, I think that the outpouring of opposition to outing in the course of COI investigations, that has emerged in the last 24 hours or so, is a little too emotional and self-righteous. After all, COI editing and undisclosed paid editing are serious matters, and there can be a reasonable case for the language that I just quoted. It's a good alternative to posting the private information on-site.

Aside from the WMF, however, it is not particularly clear whom to email within the English Wikipedia. And I think the perception that emailing is kludgy contributes to the belief by some editors who care about COI, that they should just post on-site. It would be good to have a designated address to email such private information in the case of COI or undisclosed paid editing. Then, we could have a strict and unambiguous policy against outing while still having effective enforcement of COI and paid editing restrictions. A trusted functionary, for example, could confirm or deny that there is private information that supports an investigation, without disclosing the private information

I think emailing ArbCom is a bad idea, because they get too much email as it is. One possibility would be to designate the email for Oversighters for this purpose. Another would be to create a designated OTRS channel. Ideas? --Tryptofish (talk) 00:46, 1 July 2016 (UTC)

User:Tryptofish I agree this is a good idea. However, the WMF is not willing / able to take on this role and we have not found any group of functionaries interested in doing it either. I tried to have created a group of functionaries to take on this work but did not succeed previously. Maybe this will change. Doc James (talk · contribs · email) 06:25, 1 July 2016 (UTC)

You are very right about that. Some of that depends, I think, upon the specific problem at hand. We really have nothing right now for COI or undisclosed paid editing, and that's what the current brouhaha is focused on. But I think that for other kinds of harassment, ArbCom is willing to be contacted, and for severe threats, the WMF does have a response team. I also think the WMF is prepared to handle child protection issues. Please correct me if I am wrong about any of that. But it really seems to me that we need something for COI if we are going to eliminate on-site posting of information. --Tryptofish (talk) 19:22, 1 July 2016 (UTC)

If you are harassed or see someone else being harassed, you can contact arbcom. If the matter is severe (e.g. threats of harm, potential suicide, etc) or otherwise an emergency you should also contact the WMF using emergencywikimedia.org (see also Wikipedia:Responding to threats of harm. If you see any child protection issues (including child pornography) you should email legal-reports wikimedia.org - see Wikipedia:Child protection. Last year's arbcom (of which I was a member) were of the opinion that investigating conflicts of interest was outside its scope and was best dealt with by the WMF. This year's arbcom (of which I am not a member) have informed the functionaries that the matter is currently being discussed on the arbcom mailing list - I expect the outcome will be posted on this page when agreement is reached one way or the other. Thryduulf (talk) 20:50, 1 July 2016 (UTC)

Thanks, Thryduulf, that's very helpful information. So clearly, the need for now is to have a local mechanism for COI and undisclosed paid editing. We should not wait on the WMF for that. --Tryptofish (talk) 21:28, 1 July 2016 (UTC)

We have them, WP:NPOV WP:UNDUE WP:VERIFY WP:PROMO etc. When people violate them and do not change their behavior after notice, they are blocked. The contributions reverted, articles deleted. If they sock, that is covered under policy as well. There is nothing being discussed that is unique, we've been doing this for fifteen years now. Keegan (talk) 22:46, 1 July 2016 (UTC)

Oh, come on! The "mechanism" I am talking about is an email address to which private information can be sent, instead of posting it on-site. --Tryptofish (talk) 00:25, 2 July 2016 (UTC)

Emailing Arbcom is a bad idea because the last time someone emailed them with a COI issue, they banned them. Only in death does duty end (talk) 09:50, 1 July 2016 (UTC)

Well User:Only in death there's a pretty strong implication in your statement that that ArbCom banned a persons because they reported a COI issue. Wonder if there were were extenuating circumstances. Are you saying that the ArbCom has a general policy "If you report COI to us we will ban you"? Because that's a pretty strong statement, and if it's mendacious (as I suspect) you should not make such statements. And if that's not what you're trying to say, I'm not sure what the purpose of your statement is, except to spread poison and despair without warrant.

That being said, I agree that ArbCom is probably too busy to take on most COI. I'd be willing to help out if asked. Herostratus (talk) 14:06, 1 July 2016 (UTC)

• Herostratus, if Only in death is thinking of what I'm thinking they're thinking of, they are utterly wrong in their implication (which you mark correctly, I think)--I assume their "the last time" is "the last time that I think I know something about". At any rate, this is just a ruse, promoted at least twice on this page alone. Time to find a new tune. Drmies (talk) 23:51, 4 July 2016 (UTC)

I agree that part of why we're in this predicament today is because we (both collectively and in terms of Arbcom or some other body taking responsibility for this) have failed to present the community with viable and reliable options other than "*shrug* Iunno, y'all are on your own for this one". I think either Arbcom or the Oversight team would be a proper private venue to direct these issues, and I encourage both groups to consider coordinating, and then presenting to the community, a way for them to do so. The only thing preventing community from sending these cases to, say, oversight-en-wp-at-wikipedia.org for handling is that people currently have no way of knowing whether the team at the other end of that address is going to handle the case or stick it in the "not our job" trashcan. Speaking as one person on the OS team, I see no reason to not handle these with the OS team, especially as it will reduce our firefighting workload by heading off cases where the info would otherwise be posted on-wiki; colleagues, what say you? A fluffernutter is a sandwich! (talk) 15:05, 1 July 2016 (UTC)

I think that's a good idea and a good point. These things should be handled privately, but they should not fail to be handled altogether. Commercial advocacy and shills are a serious problem, they suck up a massively inordinate amount of community time and resources, and we need to tell them in no uncertain terms to follow our policies (without needing to be constantly reminded and prompted) or to leave. Seraphimblade ^{Talk to me} 16:19, 1 July 2016 (UTC)

I would be happy to see functionaries join in the efforts. The degree of problems however is such that they are not going to be able to manage it alone. Doc James (talk · contribs · email) 16:58, 1 July 2016 (UTC)

Fluffernutter and Seraphimblade, yes, what you are saying is exactly what I am trying to get at. Maybe the Oversight list, or maybe the Functionaries list, or something like those. It's really for the people on those lists to say. But you are right that handling it that way can head off larger problems following blocks, like the block that exists right now. And there is another aspect that I think is very important. If it gets handled privately, then we are much less likely to have Streisand effects, which become very large effects when discussions like this break out. After all, the real consideration that matters most is protecting the private information of the potentially outed person. --Tryptofish (talk) 19:29, 1 July 2016 (UTC)

Ones public linkedin profile is not private information. Doc James (talk · contribs · email) 20:49, 1 July 2016 (UTC)

Unless a user has linked to that profile on Wikipedia then that information must be treated as private (it is equivalent to personal information of notable people which they have not made public). Simply sharing a username, no matter how unusual that username is, does not constitute a link (for example, my username is among the more unusual I've seen yet not every account on every website with this name is anything to do with me). If you post private information about a user then you are outing them - it is never acceptable to out or attempt to out someone. It is particularly bad when you make an incorrect link as you are harming two (or more) people without even potential justificiation. Thryduulf (talk) 20:57, 1 July 2016 (UTC)

The extreme view by many appears to be that linking to any information off of WP is disallowed. That would mean that those taking this position would need to remove the pillar WP:V and would make writing a verifiable encyclopedia impossible. Doc James (talk · contribs · email) 06:22, 2 July 2016 (UTC)

Doc James, no matter how many times you repeat it, it's not going to become true that "linking to LinkedIn is OUTING" is "the extreme view", and your claim that "linking to any information is disallowed"--that's crazytalk. Linking to a book is obviously not the same as linking to...why am I even saying this? Drmies (talk) 23:55, 4 July 2016 (UTC)

Is linking to Elance jobs outing? The question has been asked and most of the functionaries have declined to engage with it.Doc James (talk · contribs · email) 05:45, 5 July 2016 (UTC)

There are a couple of issues with this though (putting aside my objection of Wikipedians investigating other Wikipedians real lives).

1. This group that would be setup and making decisions on whether to block someone because of conflict of interest would get super litigous, real fast, whether it has basis or not right now. ArbCom has recently had it's fair share of possible legal cases, so I'm not even inclined to put myself into even more risk. The disruption of one litigation issue is going to be substaintail. I don't want to know what more would be like.
2. The resources. Neither ArbCom nor the functionaries list (especially looking at the discussion and the number of opposes) will have enough manpower. I'm assuming there are many cases that would come up in an average week espeically if the whole of Wikipedia is reporting on them. So it's going to get backlogged, and then there will be complains about backlogs and wanting to onboard new members.
3. That wanting to onboard leads to more issues now as we'd need community members to be handling extremely private information sensitively. So now we either gotta build another RfA or ArbCom has to appoint them. Anything less...I'd be scared of what people could get on and see private information about so many wikipedians, and then the risk of it leaking just like functionaries and arbcom goes astronomical.
4. What about cases that are declined to be acted on? Will that person who filed the report simply disengage or will they still have the same drive now to post that information onwiki because morally they believe people should not get away with COI editing?

This is a solution with a lot of bullets through it already, and it hasn't even started. -- Amanda (aka DQ) 02:38, 2 July 2016 (UTC)

Certainly Kohs has already threatened to sue me for the work I have done on COI. There are also legal risks when dealing with content though. I ended up with a bunch of legal issues for supporting the inclusion of the images of the 10 Rorschach ink blots and had to get a lawyer for 8 months to defend my case. One of those who launched an attack was a fellow Wikipedian. Doc James (talk · contribs · email) 13:36, 2 July 2016 (UTC)

@DeltaQuad: those are good questions, and they lead me to clarify what it is, and what it is not, what I am trying to propose. (Intervening discussion has obscured that.) I'm not in favor of setting up some kind of new star chamber. Definitely not. Rather, I'm seeing this as a mechanism for confirmation, so that linked material does not have to be posted in public, on-site. Think of it this way. Let's say there is an issue concerning COI or undisclosed paid editing, with someone who is uncooperative. An editor discovers off-site information that should not be posted on-site, but which clearly establishes the nature of the problem. That editor emails the information privately to a designated email address. Maybe it's the oversighters list, or maybe another, we have to decide. It won't be ArbCom. Someone reads it there, and then posts one of two things on the discussion at COIN or ANI: "confirmed" or "not confirmed". It would look very much like what checkusers post about socks. No one else sees the private information, and the private body does not necessarily do more than that. There is then a determination on-Wiki about what sanctions if any are needed, as normally takes place. But instead of posting private information, it is AGF'ed that the information has been confirmed (just as checkusers are trusted in sock investigations). Surely, that's better than current practice. --Tryptofish (talk) 19:30, 2 July 2016 (UTC)

I like that idea. Email the info to a new OTRS queue say OTRS-COI which will return a ticket number to the reporter. The publicly viewable portion of the ticket has a sanitized description of what is being claimed like "Joe editor is a UPE" or "Joe editor has a COI with respect to XXX" and a status open, confirmed, not confirmed. Simple. Also, I do not see why we need to even get the functionaries involved, all OTRS members have signed the same confidential/personal information agreement as the Functionaries. They would just need to be authorized to report the status of UPE/COI tickets. Uninvolved admins could then deal with the situation based on their judgement and whether the off-wiki claims are true or not without needing to know the substance/details that backs them up. Jbh^Talk 23:42, 4 July 2016 (UTC)

@Jbhunley: I support the use of OTRS for this (of course, there are other alternatives). This would not result in outing. Perhaps I have a minor quibble. "100% proven" is impossible - especially using internet data, but some folks might interpret "confirmed" in that way. Maybe the report back should say Open, Valid concern, or No apparent reason for concern. In any case, I support the concept of OTRS doing this and the form of the report could be further discussed. Smallbones_(smalltalk) 15:30, 5 July 2016 (UTC)

I think that either the Oversighters list or a new OTRS-COI would work equally well, and I really do think that this is needed very badly. @Fluffernutter: and @Seraphimblade: what are your thoughts about which of those two would be better? --Tryptofish (talk) 21:47, 5 July 2016 (UTC)

I can see pros and cons to both. In the case of oversighters, the primary plus is that the oversighters would be able to review any deleted or oversighted information, but the main drawback is that there aren't too many. Nor would all be interested in handling this type of thing, that's not really what they signed up to do. With an OTRS-COI, there would possibly be more hands (and everyone who signs up presumably wants to do it), but we'd have to be very careful to vet its members for suitability in handling sensitive personal information. Seraphimblade ^{Talk to me} 21:52, 5 July 2016 (UTC)

Thanks. I think that analysis is exactly right. It would be interesting to find out the actual level of interest/disinterest among the Oversighters. And would it be possible to choose the OTRS-COI personnel somewhat like the way Oversighters and Checkusers are chosen: some discussion by the community, followed by appointment by ArbCom and disclosure to WMF? --Tryptofish (talk) 22:13, 5 July 2016 (UTC)

If I were setting up the process I would say set up an OTRS-COI queue and as part of the process-flow set up criteria to open up OVERSIGHT tickets (maybe create a ticket and then "transfer" it to the Oversight queue) although with the new process there should not really be anything on-wiki to oversight. As to vetting, if I remember correctly, I had to provide my real name either when I was signing the two access to confidential information agreements but did not have to go through the whole "prove to WMF I am me" process. I think that in the case of the COI queue it would be a good idea to require proof of identity to the WMF. Jbh^Talk 22:35, 5 July 2016 (UTC)

As I mentioned in my comments below, I have in the past been opposed to ArbCom taking on the paid editing issue, but I see either us or the larger oversight team doing so as a considerably better option than trying to handle these issues onwiki. My personal preference would be for these issues to go to the oversight team, with ArbCom as my second choice. I would generally oppose the dedicated OTRS queue unless it was restricted to the same folks who have access to the oversight queues. Otherwise we will find ourselves with a group of folks with the same trust level as the oversighters, but without the technical ability to actually perform suppressions. GorillaWarfare (talk) 03:34, 7 July 2016 (UTC)

Still have to disagree with this. I don't see that the oversighters as a group have any more resources, investigative capacity, or legal support than arbcom does; it's just more people. IMO if the WMF wants to be serious about rooting out undisclosed paid editing, then they need to invest paid staff time to do the investigations and they need to assume the resulting risks. If they don't have the resources or don't choose to invest their resources in this particular venture, then the ToU will just have to make do with what can reasonably be done on a volunteer basis. "Reasonably" necessarily means "without intrusive opposition research or outing". A great deal of the problem could be solved without any reference to anyone's identity just by raising notability requirements for the most common categories of paid (and COI, and just plain bad) editing, like people, products, and organizations. Opabinia regalis (talk) 04:39, 7 July 2016 (UTC)

Per GorillaWarfare, if ArbCom feels comfortable taking this on, I am OK with that. Although per Opabinia, I'm not exactly hearing unanimous consent from the Arbs. Perhaps one option would be the Functionaries email address, rather than either ArbCom or the Oversighters. It may come down to whatever group of people will agree to do the work. About OTRS, perhaps GW's concern could be addressed by appointing members of the queue the same way that Oversighters are appointed, as I described above. In effect, that could be a subset of Oversighters and Arbs who have decided to volunteer to do it.

But I want to disagree as strongly as possible with Opabinia's demand that the WMF take it on. In principle, of course, I agree with you. But in practice, don't hold your breath. We have a clear and present problem here at Wikipedia. If you disagree with me about that, please make a coherent proposal about what to do when a good faith editor believes that they see a pattern of COI editing, but the COI editor demands evidence and says it's just a personal attack. We cannot pass up a good solution simply because the WMF keeps passing the buck. --Tryptofish (talk) 14:42, 7 July 2016 (UTC)

OK, here, how about this? Either a new mailing list or a new OTRS queue (would effectively be the same things), made up of those Arbs and Oversighters (and anyone else with Oversight permissions) who choose to be members of it? Obviously, it needs to have enough members, but it will pretty much never be dealing with urgent matters (not needing to oversight edits, for example, just responding to requests to review private evidence), so rapid response will not be critical. And the responsibility would pretty much be to post "confirmed" or "not confirmed" in COI discussions, not unlike Checkusers at SPI. Thus, never a need to post private information on-site. Just post that the editor has a COI in a topic area and evidence has been submitted privately, followed by a "confirmed". --Tryptofish (talk) 15:13, 7 July 2016 (UTC)

Thinking about it further, it occurs to me that Checkusers could also participate in this if they want to, because they are also trusted with private information.

I believe that this idea has gotten enough traction that I will probably start a formal proposal in the near future. In the mean time, and further comments would of course be helpful. I would be particularly interested in hearing from any Functionaries and Arbs who are watching the discussion. --Tryptofish (talk) 19:06, 10 July 2016 (UTC)

• I've started a preliminary draft about these ideas at User:Tryptofish/Drafts/COI List Draft. Feedback about it is welcome at User talk:Tryptofish/Drafts/COI List Draft. Thanks. --Tryptofish (talk) 18:49, 3 August 2016 (UTC)

Proposal

There is now a formal proposal at Wikipedia:Village pump (proposals)#Proposal for a confidential COI mailing list. --Tryptofish (talk) 21:37, 16 August 2016 (UTC)

I've just closed that discussion as being against the proposal. Please see my opinion about the consensus: [1]. --Tryptofish (talk) 00:36, 12 September 2016 (UTC)