Commons:Oversighters/Requests/Revent

From Wikimedia Commons, the free media repository
Jump to navigation Jump to search
 Bureaucrat note: 25 support, 3 oppose, 1 invalid, successful (86%). --Krd 10:20, 4 December 2016 (UTC)[reply]

Revent

Vote

Note: Scheduled to end no earlier than 04:26, 4 December 2016 (UTC)

Links for Revent: Revent (talk · contributions (views) · deleted user contributions · recent activity (talk · project · deletion requests) · logs · block log · global contribs · CentralAuth)

The need for actual oversight is, frankly, rather rare on Commons... most deletions are simply due to the regular copyright issues. However, when people do need material to actually be oversighted, it is not infrequent for them to show up on IRC... such cases, that deserve oversight, are not uncommonly handled as a regular deletion by one of the admins present. Due to the nature of Commons, and the massive number of things deleted on a daily basis, that is typically not problematic... but, having one of the people frequently available on IRC able to actually apply 'oversight' deletion to such material would be a good thing... I think that the community is likely to trust that I would not apply the 'higher level' of deletion to material that was not in accordance with the specific criteria defined in the policy... the most common cases being that someone 'accidentally' uploaded a file that included something like a SSN.

Basically, the rationale for this request is that it is not (on Commons) a level of trust much beyond that of a regular admin, and that being more responsive to 'urgent' requests from random people would be a good thing. Reventtalk 04:26, 20 November 2016 (UTC)[reply]

Votes

  1.  Support MCMLXXXIX 04:33, 20 November 2016 (UTC)[reply]
  2.  Support Christian Ferrer (talk) 05:39, 20 November 2016 (UTC)[reply]
  3.  Support DatGuy (talk) 12:05, 20 November 2016 (UTC)[reply]
  4.  Oppose As I don't have any trust whatsoever in this user as sysop; so it is just logical that I would have no trust in them as oversighter. --A.Savin 12:58, 20 November 2016 (UTC)[reply]
  5.  Support --Steinsplitter (talk) 14:27, 20 November 2016 (UTC)[reply]
  6.  Support. -- Geagea (talk) 14:31, 20 November 2016 (UTC)[reply]
  7.  Support - Trustworthy admin, I see no red flags here. Support. –Davey2010Talk 14:59, 20 November 2016 (UTC)[reply]
  8.  Support No concerns with Revent. Nick (talk) 16:09, 20 November 2016 (UTC)[reply]
  9.  Support Of course. Very trustworthy admin. Reguyla (talk) 00:04, 21 November 2016 (UTC)[reply]
  10.  Support Definitely. I nominated him for adminship previously and he has proven himself to be a good admin. I am happy to support this nomination. Trusted and capable user. Why not? Jianhui67 talkcontribs 00:13, 21 November 2016 (UTC)[reply]
  11.  Support Why not? He's active and he does not participate in any hassle. Taivo (talk) 08:07, 21 November 2016 (UTC)[reply]
  12.  Support We need an extra oversighter and well, Revent is active and trusted. Natuur12 (talk) 22:09, 21 November 2016 (UTC)[reply]
  13.  Support Good answers to questions below, trustworthy. Like those above said, why not? -- Poké95 10:50, 22 November 2016 (UTC)[reply]
  14.  Support has continually displayed exemplary judgment as far as I have seen. Storkk (talk) 13:53, 22 November 2016 (UTC)[reply]
  15.  Support Trijnsteltalk 00:40, 23 November 2016 (UTC)[reply]
  16.  Support Revent has a proven track record as an active, capable and trusted adminsitrator here on Commons. The answers provided show that he is as prepared for the role as one can possibly be, and I am happy to support his candidacy. I am convinced that Revent will make an excellent addition to the oversight team and that he will very quickly learn the tricks of the trade. Being an oversighter is a lone and thankless job, so enjoy the spotlight, and good luck :-) odder (talk) 09:06, 23 November 2016 (UTC)[reply]
  17.  Support Since there are only a total four oversighters, two of whose name I know, I trust Revent and the answers below are good. --Sebari – aka Srittau (talk) 23:38, 23 November 2016 (UTC)[reply]
  18.  Support 5 is a good number. Marcus Cyron (talk) 04:24, 24 November 2016 (UTC)[reply]
  19.  Support Raymond 07:33, 24 November 2016 (UTC)[reply]
  20.  Oppose Sorry. From my experience, this user is highly biased in handling cases. He prefer to keep his mouth closed when his friends make a mistake; jump in when even see some minor mistakes on the other end. So not even suitable to held an admin flag. (I had conflict of opinions with many users here holding higher rights here. But it doesn't matter; most of them are able to handle each cases neutrally.) Jee 03:45, 25 November 2016 (UTC)[reply]
  21.  Support Highly active and knows how to use the tools, always available on IRC where there is a need for people with oversight access to be "actually" present..--Stemoc 04:05, 25 November 2016 (UTC)[reply]
  22.  Support Trusted user. --Yann (talk) 10:37, 25 November 2016 (UTC)[reply]
  23.  Support --jdx Re: 11:36, 25 November 2016 (UTC)[reply]
  24.  Support -- Revent is one of the few admins I respect a lot and I have so much trust in them. Wikicology (talk) 07:14, 27 November 2016 (UTC)[reply]
  25.  Support satisfactory answers below --Zhuyifei1999 (talk) 07:55, 27 November 2016 (UTC)[reply]
  26.  Oppose Per A.Savin and Jee. While Revent gives good answers to the "interview questions" below, Oversight is an extension of Admin and I'm afraid I don't believe Revent should be an admin. Classic example of an RFA about seeking file/maintenance admin powers and not become involved in controversial people admin activities yet ends up doing so in a very biased way, and very much not being the "impartial voice of reason" he promised to be. I wish we had separation of file/maintenance admin abilities as very few people demonstrate the neutrality and wisdom needed for people admin. I can't support oversight for someone who I would not support being admin. -- Colin (talk) 15:04, 27 November 2016 (UTC)[reply]
  27.  Keep Within COM:SCOPE. -- とある白い猫 ちぃ? 23:29, 28 November 2016 (UTC)
    @とある白い猫: What do you mean? This isn't a DR --Zhuyifei1999 (talk) 02:45, 29 November 2016 (UTC)[reply]
  28.  Support Mostly due to availability in addition to the obvious capability and trust. Revent is online regularly for long lengths of time, so he'll be particularly useful handling any high-priority requests for oversight. ~ Rob13Talk 08:02, 29 November 2016 (UTC)[reply]
  29.  Support Always been sensible and reliable. Oversight is not a task that I would wish on anyone. Hopefully Revent will keep a light touch and walk away from the right if it becomes a burden. -- (talk) 22:01, 29 November 2016 (UTC)[reply]

Comments

  •  Question Let's assume I'm not convinced by your candidacy statement. Why do you think I should support your nomination? Have you got any experience in dealing with non-public personal information, both on-wiki and outside of it (also in the context of Wikimedia)? If so, what is it? What do you think you will bring to the role? odder (talk) 08:05, 20 November 2016 (UTC)[reply]
A several part question, so I'll answer it in several parts.
  • As far as dealing with 'private information' outside of the projects, I was a member of the US Navy with an SCI clearance. I also worked for a number of years as a income tax preparer for H&R Block, where I dealt with the personal financial information of hundreds of clients, was subject to financial privacy laws, and had access to large amounts of personal information. I was also an 'enumerator' for the 2010 US Census, where I was sworn to a confidentiality oath under the penalty of five years in federal prison if I disclosed personal information. This history of dealing with such material stretches back, now, for about 20 years.
  • I have been a member of the OTRS team for several months now, after being prompted repeatedly, a role that requires the agent to also be aware of, agree to, and comply with the WMF's privacy policies.
  • OS would not seem to be, generally, a 'deliberative' task, so other than an awareness of what 'is' non-public personal information, all that I can really honestly say I would bring to the role is an increase in the availability of 'oversight-level' deletion, for when 'random' members of the public appear on IRC in a panic about the exposure of their personal information. Other than cases where the material is a matter of either 'accidentally outing themselves', or 'accidentally giving the world the ability to steal their identity', oversight deletions are a matter of either egregious attack usernames or actions taken on the request of WMF legal.
  • I do think that I, however, have a good working relationship with both a couple of the current oversighters, and several of the stewards, and would have no trouble with discussing cases reasonably when needed. Reventtalk 23:24, 20 November 2016 (UTC)[reply]
  • The main duty of an oversighter is, obviously, to permanently suppress instances of 'non-public personal information' that were either inadvertently, or maliciously, published to the wiki. I have requested the use of oversight multiple times, over the years, and never been denied... the first time, as I recall, was where a FOIA request had resulted in the release of portions of a military record, then uploaded to the wiki, that included both the birthdate and SSN of the servicemember. After redacting the SSN, and uploading a new copy, I asked for revision deletion of the original. Another (recent) case was where an editor had accidentally uploaded the 'wrong file' that was, essentially, a financial document.
  • Outside of that, the other major task of an oversighter is to suppress material upon the request of WMF legal. Reventtalk 23:24, 20 November 2016 (UTC)[reply]
  • Yes, I have read the policies and signed both confidentiality agreements, long ago, and I submitted a copy of my ID when I requested OTRS access. Other than simply being aware of what information actually 'is' covered by the policies, the main affect on the work of an oversighter, or anyone with access to such information, is "You don't talk about Fight Club". You cannot keep personal records of such information, or discuss the information itself, or even it's nature, in anything but the most generic terms with anyone who does not personally have valid access to the same information due to a role that they currently hold. Reventtalk 23:24, 20 November 2016 (UTC)[reply]
  •  Question Have you enabled two-factor authorization on your account? If not, why not? Do you think two-factor authorization should be compulsory for all Commons functionaries (oversighters, checkusers and bureaucrats)? If not, why not, and if yes, why? odder (talk) 08:05, 20 November 2016 (UTC)[reply]
  • Yes, I enabled 2FA within a few hours of it being made available to administrators. Without going too in depth into the technical details, I do think that 2FA should be required for all functionaries, on all projects, and I think the recent security breaches make why fairly clear. When the security of an account is based upon only a single 'secret' (a password) the security is only as good as the quality of the password, and the security of the password file. It seems to be the case that the attackers have been able, through some means, to obtain the hashed passwords of at least some administrators, and subject them to an offline brute force attack. TOTP (what we are using for 2FA) is the current 'best practice' for account security, and does not rely on person who owns the account being aware of technical details of password security... it depends on a completely different paradigm, 'something you have', not 'something you know'. Reventtalk 23:24, 20 November 2016 (UTC)[reply]
  •  Question How much time do you think it takes to perform oversight tasks? How many requests do you think are dealt with every month? Is this information available publicly? And finally, do you think you have the spare time to actually do this job? odder (talk) 08:10, 20 November 2016 (UTC)[reply]
  • To answer the first part explicitly, I cannot imagine that in the vast majority of cases where oversight is needed it would be at all time consuming... it would just be a matter of seeing that it was needed, and then actually 'doing' it. As far as how many requests are dealt with... since I can't look at the suppression log (which is itself suppressed), I cannot answer that 'directly', but COM:OS/S indicates that one or two requests a day is typical. I think the real concern is, simply, that when a request for oversight is made, it is 'by it's nature' an urgent request, and so it's important that it can be dealt with quickly... I think I have a well-known history of being 'around', and available and willing to respond to issues, most of the time. Reventtalk 23:24, 20 November 2016 (UTC)[reply]
@Odder: A closure time... isn't adding that your job? :P Reventtalk 23:24, 20 November 2016 (UTC)[reply]
  •  Question I am not an oversighter (not even an admin), but oversight is very sensitive, more sensitive than checkuser (IMO). I am not doubting your trustworthiness in handling personal information, I just want to be sure before I cast my !vote. Here are some cases that I think you may encounter when you are an oversighter. Would you use normal revision deletion (which admins can use) or oversight? Please explain for each case.
    1. Unintentionally published personal information (the easiest part, I'm sure you can answer this )
    2. Copyright violating content (whether that would be text or media)
    3. Published IRC logs of a channel not allowing public logging
    4. Personal information about a minor, intended
    5. Unintentional revealing of someone's IP address (this is mostly because of being accidentally logged-out while editing)
    6. Confidential documents, like DNA tests, medical tests, and information from intelligence agencies
  • Optional question: Why did you chose oversight instead of checkuser? Isn't checkuser is more needed than oversight?
  • Thanks, Poké95 11:59, 21 November 2016 (UTC)[reply]
The use of oversight is very limited by the policy, and most 'deletable' material shouldn't be oversighted. He's my answers, tho.
1. Obviously, oversight. Unintentional (or malicious) disclosure of non-public personal information is the main use of the tool.
2. Copyright violations are not oversighted, normally. There is a 'use case' in the policy that allows for oversight to be used for doing so 'on the advice of Wikimedia Foundation counsel', but I can't really imagine a circumstance where Legal would ask for such an oversight that wasn't done as an Office Action, and even material removed after a DMCA notice is normally not oversighted.
3. IRC logs, from 'non-publically-logged' channels, are simply a copyright issue, and would only be a matter for oversight if there was material in the log that 'itself' was oversightable.
4. Personal information 'intentionally made public' by a minor is a sticky one... when a person makes their own information public, it's normally their right to do so, but it's very easy to imagine cases of very young minors exercising extremely bad judgement about the type of material that they put online. If I felt that a specific case was so egregious that it was likely to place a minor in actual 'physical danger' (I'm thinking of geotagged pedophile bait, here) I would of course oversight it, report it to the WMF, and discuss it with the other oversighters.... even if it was decided that such an oversight was an overreaction, it's reversible, and if the safety of a minor is potentially involved it would be wiser to remove the material while it was discussed.
5. An editor's IP address, unless they intentionally make it public, is protected by the privacy policy, and can be oversighted if they ask. In my experience, however, people usually just ask that it be 'deleted', and it's handled by a 'regular' administrator. I would not 'on my own initiative' oversight an IP address if simple deletion was all that was requested, but I would mention that it could be if the person wanted.
6. You cross two different types of 'confidential' material here. "Medical records" are quite clearly oversightable unless it's definitively established that the affected person themselves consented to their publication. "Classified" material, like intelligence agency documents, is not itself 'inherently' oversightable, and in many cases not even deletable (I'm thinking of File:Prism slide 5.jpg), but it's easy to assume that such material could itself contain non-public personal info, and the correct answer would probably be to redact that information, and then oversight the unredacted version. We should not be used to disseminate material that would place identifiable people at physical risk.
Just to make it clear, that I held a US government security clearance does not mean that I am legally obligated to attempt to censor classified (or allegedly classified) material. I am only prohibited from disseminating material that I 'know' is classified because I myself learned it from a confidential source, and to be honest, 99% of that was incredibly boring and technical design details of naval nuclear reactors.
As far as 'why oversight vs checkuser', I really have no interest in being a CU... that job is a matter of 'investigating' people, really, and to be honest the tool is overrated (the level of technical knowledge needed to avoid CU is not especially high, as many people have demonstrated over time). CU is about, really, being able to 'look at' private information, while OS is about 'suppressing' private information. We've 'lost' two oversighters in the past year, moving us back down to just four people, and it seems like a good idea to reduce our 'bus factor' by training up at least one more before we have more attrition. Reventtalk 21:17, 21 November 2016 (UTC)[reply]
@Revent: In other words CU requires technical knowledge and interpretation skills where as OS is intended to merely suppress private information such as addresses, real names and other info that were added out of malice or in error? -- とある白い猫 ちぃ? 02:02, 4 December 2016 (UTC)
Suppressing private information linked out of malice or in error, unless the user linked it themselves or already declared it on their user page. Wikicology (talk) 09:26, 4 December 2016 (UTC)[reply]
Retrieved from "https://commons.wikimedia.org/w/index.php?title=Commons:Oversighters/Requests/Revent&oldid=225093758"