Wikinews:Requests for CheckUser/Archive 1

CheckUser Archive: Beginning 10 June 2005

Confirmed: User:Redman is User:Yrtsihpos, a blocked user previously determined to be User:Neutralizer. --Chiacomo (talk) 05:56, 10 June 2006 (UTC)[reply]
Confirmed: User:Redman is User:Yrtsihpos (Checked again as request by Chiacomo)--Cspurrier 14:17, 10 June 2006 (UTC)[reply]
Amgine, IMHO, this falls under the "obvious sock puppet" guidline above, and could have simply been blocked first. Yrtsihpos may have been a non-obvious sock puppet, not sure, I didn't pay attention. But this one seemed pretty clear to even to clueless little ol' me. Maybe checkuser shouldn't be used if no other admin is likely to disagree. Nyarlathotep 22:03, 11 June 2006 (UTC)[reply]
The use of sock puppets almost always results in a long block, therefore we owe our users as close 100% certainty before we block them. Also even though it looked to be a pretty sure thing PVJ and I am sure other editors were unconvinced. I am sure even in the most blatant cases, you will still have people who remain unconvinced.--Cspurrier 13:51, 12 June 2006 (UTC)[reply]

Multiple account/IP check

edit

Neutralizer appears to have decided to go on a vandalism spree, or someone is using Neutralizer as a foil to make it look like he is on a vandalism spree. To determine which is the case, I request a CheckUser on all of the following accounts and IPs used recently to harrass, vandalise, or circumvent a block:

- Amgine 17:44, 11 June 2006 (UTC) (editing not logged in)[reply]

  • A SockpuppetOfNeutralizer, ASockpuppetOfNeutralizer, Whockey-Chockey, CowicideReturnsAgain, CowicideReturns!!!, use the same ip, along with a few other WoW like editors. They are almost definitly not Neutralizer, the owner of the ip is Telewest Broadband I am still working on checking the ips --Cspurrier 18:26, 11 June 2006 (UTC)[reply]
Forgive me if it is inappropriate to comment here, but in this particlar case of "froggery" and abuse can't we raise it with Telewest? Or is Cowicide proxy-aware? --Brian McNeil / talk 18:30, 11 June 2006 (UTC)[reply]
I oppose the use of checkuser on such a large set of users/IPs. Checkuser request should be argued for individually and not in lumps. Moreover, I don't see the benefit of requesting checkuser on such a large set of user/IP. What problem is this supposed to fix? --vonbergm 18:37, 11 June 2006 (UTC)[reply]
I think we should definately raise a complain with the abuse department of Telewest. This is a clear case of vandalism. It's probably a proxy since I believe Cowicide almost certainly lives in the U.S., but still worth a shot. --Deprifry|+T+ 18:39, 11 June 2006 (UTC)[reply]
  • Four of the IPs have been used by Yrtsihpos or Redman, these ips have also reposted the "What Amgine said about Australians" thing, so based on this it would be fair to say that all of the ips above, probably have been used by Neutralizer. --Cspurrier 18:40, 11 June 2006 (UTC)[reply]
  • Also of interest is User:Factchecker whose IP is one of the ones listed above, based upon his ip he is in the same city and use the same isp as Neutralizer. The strongest evidence is he posted the "What Amgine said about Australians" thing, 13 mins after, and 2 mins before a logged in edit. It would be almost completely impossible for an ip to be reassigned to a completely different user in that short of time. It is logical to conclude Factchecker posted the "What Amgine said about Australians" thing, and is therefore a sock of Neutralizer.--Cspurrier 18:48, 11 June 2006 (UTC)[reply]
Where was the request made to use checkuser on User:Factchecker? On how many other users that are not listed here was checkuser used?--vonbergm 18:54, 11 June 2006 (UTC)[reply]
When you run a checkuser on an ip, it gives you a list of all contributions of anybody using that ip. One of the ips above matched an ip used by User:Factchecker --Cspurrier 19:07, 11 June 2006 (UTC)[reply]
A request was made to determine which of the above are socks of Neutralizer. Nothing more. While I already oppose using such a large set of users/IPs for checkuser, I strongly oppose the dragnet getting widened to include other users. Even if checkuser comes back linking other users to the above IPs, you should not report on these. This does not constitute acceptable use of checkuser. --vonbergm 19:17, 11 June 2006 (UTC)[reply]
  • This does appear to be fishing. If there is a serious vandalism problem it should be referred to the abuse department of the ISP. They have been, in the past, glad to deal with problem vandals (when you can finally get to a live person in the abuse department). --Chiacomo (talk) 22:04, 11 June 2006 (UTC)[reply]
A random check of dozens of ips would be fishing and would/should be prohibited. If I had any real doubt about what the results would be, I would never have run them. I already recognized one of the ips from the checkuser on Redman. I suspected Factchecker was a Neut sock since his editing style and user page matched very closely to the others. I had no where near enough evidence to actually run a checkuser but I am not very surprised he turned out to be a sock.--Cspurrier 22:24, 11 June 2006 (UTC)[reply]
Sorry, What exactly is the "Vandalism" accusation based upon? 64.229.28.158 22:38, 11 June 2006 (UTC)[reply]
CSpurrier; your edit above is confusing; did you run all of the ips as Amgine requested? Would you do that for any editor who requests you to? If not; what are your paramaters? You say that "A SockpuppetOfNeutralizer, ASockpuppetOfNeutralizer, Whockey-Chockey, CowicideReturnsAgain, CowicideReturns!!!" are not Neutralizer so please, tell us how that was not "fishing"? You say; "If I had any real doubt"..if you had no doubt, then why run Checkuser? Please report exactly what you checked and didn't check and what was the necessity for doing so? Was there any vandalism? Did you try to contact Neut. to ask him about any of this (Checkuser is supposed to be a last resort apparently). Please tell the community what you did and why it was a "last" resort.? Also, You say above "I suspected Factchecker was a Neut sock since his ... user page matched very closely to the others." I just looked atUser:Factchecker and User:Neutralizer; what is this similarity you refer to which raised your level of suspicion? Also, please advise the appropriate way in which I may register a complaint as to how I ,an anon, am subject to this type of dragnet use of checkuser. Please advise the link as to where I may complain about your past or potential invasion of my privacy and your reporting such to this broad and public community for seemingly very litle if any justification. I have reviewed User:Factchecker's edits and find absolutely nothing whatsoever to justify your exposing whatever infromation you happened upon about that user during your expedition. 70.50.76.209 23:34, 11 June 2006 (UTC) Comment by blocked user circumventing a block.[reply]
Sorry, that my comments were unclear. I will try to make this one clearer. I ran checkuser on everyone of the usernames and IPs listed by Amgine above except Yrtsihpos (we already know he is a sock, so I have no need to know his ips). I will run checkuser for any user who request it, provided they have a good reason to believe the users are the same, the above case was one of the clearest we are likely to see. Some of the confusion seems to be with people not knowing how it works. When you use the checkuser tool, you have the option of giving it a username or an ip. For example to see if Neutralizer and AsockpuppetOfNeutralizer are the same user, I put in AsockpuppetOfNeutralizer in the user box. It then returns a list of ips that user has logged in with. I then run the ip in the other part of the tool and it lists all contributions anyone using that ip has made. Running the ip AsockpuppetOfNeutralizer used returned a list of contributions made with several different usernames, including the ones listed above.
I checked the ips even though I had no real doubt, because of basic fairness, every one of those ips listed above have been blocked, primarily because they were believed to be Neutralizer evading a block. If these edits were in fact not made by Neutralizer, they should be unblocked
It is not actually User:Factchecker and User:Neutralizer userpages where I found similarity but User:Factchecker and the other socks of Neutralizer.
I so not think contacting Neutralizer would have done any good, there is not much that he can say that would help the matter. Neutralizer is well aware that socks used to evade blocks are prohibited, his first long block was inpart for the use of a sock in a prohibited manner. I believe the last resort guideline is designed to refer to idea that checkuser is to be used only after the user has become a problem, not just because you think they may and also to cut down on request that are a waste of time, as checkuser can be very time consuming. If you have a different interpretation of this, I would be interested in hearing it, along with what steps you believe should have been taken first.
If you wish to you can register a complaint on the talk page of this page, the Water cooler or WN:ALERT. I would recommend that you pick one and link to it from the others, so as to avoid confusion.--Cspurrier 00:16, 12 June 2006 (UTC)[reply]

*Maybe you could answer 4 questions if you do not mind; *1;Amgine's accuses the ips above of being "vandals"; is that true and what was the vandalism? *2;These user names were listed in Amgine's list"A SockpuppetOfNeutralizer, ASockpuppetOfNeutralizer, Whockey-Chockey, CowicideReturnsAgain, CowicideReturns!!!" You say you checked them because you had "no real doubt"; yet you also say they are in a different country and you do not hink they are Neut....so which is it? *3; You say above you will run Checkuser for anyone "provided they have a good reason to believe the users are the same" what was the good reason that Amgine gave showing "A SockpuppetOfNeutralizer, ASockpuppetOfNeutralizer, Whockey-Chockey, CowicideReturnsAgain, CowicideReturns!!!" was the same as Neutralizer? *4; We all know that many people can share computers; why did you report to the community your Checkuser results and suspicions regarding Factchecker when he was not even on the list? What was the point of reporting that to the community? Isn't that a clear invasion of privacy? 70.50.76.209 00:31, 12 June 2006 (UTC) Comment by blocked user circumventing a block.[reply]

1. Amgine labeling them as vandals is not a 100% accurate label in the way it is normally used, regardless a case can be made that the repeated reposting of the same thing by a blocked user fits a definition of vandalism and definitely block avoidance.
2. I had no doubt the ips were Neutralizer, I was a bit unsure about the users A SockpuppetOfNeutralizer, ASockpuppetOfNeutralizer, Whockey-Chockey
3. The reasoning for running the first three is that there are only two possible outcomes, A. They come back to be Neutralizer showing he has resorted to blatant vandalism and should be perm banned or B. there is no match, and no one can accuse Neutralizer of the actions of the users claiming to be him. In case B, Neutralizer privacy is not violated, since I never see his ip. Including the Cowicide ones was to further eliminate any doubt that the three user names above were not Neutralizer.
4. I reported Factchecker because I knew he was a sock with 98% certainty, if I was any less sure I would not have posted it.--Cspurrier 03:45, 12 June 2006 (UTC)[reply]
Cspurrier, coming up with an additional name that is not mentioned in the initial checkuser request is fishing. Your comments show very poor understanding of the uses and misuses of checkuser. I would like someone from Wikipedia or Meta with longer experience in checkuser issues to take a look at this. I would like you to conifrm that you will refrain from using your checkuser privileges until until this is cleared up. --vonbergm 01:17, 12 June 2006 (UTC)[reply]
I disagree. If Fact's IP is listed, as he stated, then he a right to run the checkuser. Jason Safoutin 01:19, 12 June 2006 (UTC)[reply]

Vonbergm: Each of the above IPs were blocked after use to circumvent a block by User:Neutralizer. The reason I requested this check was to prove conclusively that Neutralizer was not the person who committed more serious vandalism. The fact that these checks have found another sock puppet which Neutralizer is using was accidental, but not completely unexpected due to the repeated sockpuppeting by this user. - Amgine | talk en.WN 01:51, 12 June 2006 (UTC)[reply]

Amgine, we can argue about whether your checkuser request should have been granted or not some other time as I want to focus on my main concern. You specified a range of users and IPs. Factchecker is not one of them. His name came up "accidentally" and thus Cspurrier's choice to add his name to the list only because it happened to come up in his checkuser request constitutes fishing. There are good reasons that fishing is absolutely not acceptable.
Moreover, please be aware that checkuser can only give probabilistic information. As such, checkuser can only deliver sufficiently significant results if it is used to check a sock suspicion. If it is used to find socks, it looses much of its reliability. That is why the tool is called "checkuser" and not "findsock". This is why any scientist has to have a hypothesis before collecting data to test it (instead of mining the data to come up with a hypothesis and then using the very same data to test it). This is why information from dragnet searches are not admissible in court. Moreover, when you talk about a sock of a sock the statistical significance of your findings deterioate rapidly. I am sure I don't have to go over the basics of probablity and testing theory here to explain this further, and I expect that you modify your language appropriately. I am afraid that because of the nature of how Factcheck's name came up, checkuser information cannot be used to make valid statements about his sock-status. --vonbergm 03:33, 12 June 2006 (UTC)[reply]

I have not followed up on Craig's checkuser, but, it appears that all that can be said is that User:FactChecker used one of the IP addresses above -- without details (and I've not discussed this with Craig), it would be hard to say definitively that the "anonymous" IP edit and the Factchecker edit are made by the same person. If, for example, Factchecker and the IP edited within a few minutes of one another, it is very reasonable to conlude that they are the same person. If there is a great period of time between edits, it is possible that the edits are no related. --Chiacomo (talk) 03:42, 12 June 2006 (UTC)[reply]


Vonbergm: CheckUser is designed to find usernames which are being used as sockpuppets. In performing the checkuser check, a sockpuppet was found. What is your problem with this? In checking a series of IP addresses which were, in fact, used to perform a specific, characteristic vandalism (which is one of the criteria for a checkuser request), it was discovered that an IP was connected to a specific username in a way which would be almost impossible to be anything but a sockpuppet use. Why would this be a problem? - Amgine | talk en.WN 04:06, 12 June 2006 (UTC)[reply]
Amgine, don't pretend to be naive. Please provide evidence for your assertion that "CheckUser is designed to find usernames which are being used as sockpuppets." (my emphasis on the central word in your assertion), as this clearly contradicts Wikipedia checkuser policy (it even has a cute icon with text "Checkuser is not for fishing"). The reasons are obvious (assuming you have basic understanding of statistics) and I outlined them for you above. --vonbergm 05:07, 12 June 2006 (UTC)[reply]
Chiacomo, just to make sure. Do I understand checkuser correctly in that it only gives IP information? E.g. all computers sitting behind a wireless access point at a coffee shop will show up with the same IP? Or everytime someone uses a proxy, even if that person needs to log in to do so, the computer shows up with the same IP as all the other people that use that proxy? (I sometimes use such a proxy with tens of thousands other authorized users (university proxy to get online journal access). although I try to remember not to edit wikinews through the proxy, I sometimes forget to turn it off.) --vonbergm 05:07, 12 June 2006 (UTC)[reply]
If a CheckUser is run against an IP address, it will present all edits by that IP (including edits by logged in users). If a CheckUser is run against a Username, it will present all IPs used by that username -- handy links are provided with each IP to make it simple to in turn CheckUser those IP addresses (it is by this method that socks are most commonly detected). So yes, all editors behind a wireless access point with a single "outside" IP would show that single IP. All users of a proxy will show the proxy IP. After reading your message earlier and replying I did have a chance to talk with Craig about his checkuser results. It is obvious to me that he followed procedures and did not abuse the privilege. The only anomaly is the large number of IP addresses above, but they all do appear to have contributed vandalism to the project. I don't wish to reveal the exact method he used to detect the Factchecer sock (as it might tip off other vandals as to how to avoid being detected), but it was a very simple and straightforward process. If you have the opportunity, he can explain it to you and it will be completely obvious (as near 100% certainty as I can imagine) that Factchecker is a vandal and sockpuppet. I am amazed at the vandal's boldness and disappointed as I had hopes that the vandal/user concerned could rejoin the community and make constructive contributions. I still harbour some hope, but, as some of my critics have pointed out, I am probably to quick to assume good faith (if that's possible). It is possible that I have revealed too much about the way CheckUser works (technially) in this reply -- if so, I encourage someone to censor this message. --Chiacomo (talk) 05:30, 12 June 2006 (UTC)[reply]
Cspurrier, I challenge you to explain how you derived the number 98 in "98% certainty". Checkuser issues are too important to use this discussion to produce examples for Harry Frankfurt's recently republished essay. --vonbergm 05:07, 12 June 2006 (UTC)[reply]
Vonbergm: The evidence is in the Checkuser policy on Meta. To quote:
  • Determine from which IPs has a user edited the Wikimedia wiki
  • Determine the edits on the Wikimedia wiki of a specific IP (even when logged in)
Please note especially the words "even when logged in". It is not fishing to look at the edits from an IP who has engaged in user page vandalism, when there has been a rash of sock puppet vandalism on the site related to the user in question. You are now Wikilawyering without purpose or benefit to the site. - Amgine | talk en.WN 05:34, 12 June 2006 (UTC)[reply]
Amgine, you forgot to mention that your quotes are in a section describing the ability of the chcekuser utility and not its purpose, as the way you present the quotes suggest. If you read the checkuser pages on meta (or wikipedia) in context, you will find that the purpose of the tool is to check sockpuppet allegations and not to find new sockpuppet suspects (and use the same checkuser data to "confirm" their sock-status).
The latter is a textbook example of data fishing, and not acceptable.
Quote

A key point is that one should not formulate a hypothesis as a result of seeing the data, at least not if the data is then used as proof of the hypothesis.
Over time, this methodology is bound to produce false positives, which would be detrimental given the already low level of trust in this process.
As it has been suggested that I am a sockpuppet (in the very first edit on my talk page following the "hello"!) and as my travelling and computer life dictate that I edit from a large range of IPs that are often shared by many computers, I have some personal interest to curb abuses of checkuser. (Am I lucky that I have not been to Toronto lately!) I do not sense the neccessary sensitivity to checkuser issues in the above discussion, nor do I sense sufficient willingness to discuss issues honestly and openly (Chiacomo being the exception). At this point it seems to me that the only answer is clear policy that limits checkuser. --vonbergm 19:19, 12 June 2006 (UTC)[reply]
Vonbergm: I said it was designed to find sockpuppets. You asked for evidence. I gave you evidence from the policy: what the checkuser does. If you think this means it was designed for some other purpose, you are welcome to your beliefs. As has been repeatedly stated in this thread, and which you have failed to acknowledge, is that not one of the IPs or usernames examined did not have full justification for being examined. I believe you are not editing in this thread in good faith, and I believe your continued remonstance on this particular incident amounts to a disruption. - Amgine | talk en.WN 02:03, 13 June 2006 (UTC)[reply]
Amgine, you did not just say that "it was designed to find sockpuppets" in some casual sense that could be interpreted loosely. The words 'find' and 'check' received a very specific meaning in the conversation that you responded to. Your language abilities are good enough that you are well aware of this.
I acknowledged your assertion that the performing checkuser on the long list of names and IPs was valid only by saying that "we can argue about whether your checkuser request should have been granted or not some other time as I want to focus on my main concern." Fishing is simply far more serious. To satisfy your request that I address this less serious issue, I believe your request does not meet requirement 3 of the operation guidelines. Moreover it raises issues with point 1, in particular with "difficulty of interpretation of results" as this type of checkuser request encourages the engeneering of false positives. Moreover, while there are clear elements of vandalism in the edits (even amoung the ones of some from the suset of users/IPs listed below) the at this stage do not qualify for "ongoing serious pattern vandalism". --vonbergm 04:10, 13 June 2006 (UTC)[reply]

UofT (talk · contribs) User edits in style/topics of User:Neutralizer. Note the only edits are to this page, not a page likely to be found by a casual surfer from the University of Toronto (which is on a different backbone and *not* sympatico.) - Amgine | talk en.WN 01:54, 13 June 2006 (UTC)[reply]

Denied: While it is perfectly possible that this user is a sockpuppet of Neutralizer, there's no evidence of vandalism and certainly not a pattern of vandalism. It is unusual that the user discovered this very new page rather quickly, but it's possible that it was noticed in Recent Changes. Also, CheckUser should be used as a last resort. Several users appear to be confident that this user is a sockpuppet -- without CheckUser. Obvious sockpuppets can be blocked without the use of CheckUser. This denial does not preclude later requests with proper justification. --Chiacomo (talk) 03:50, 13 June 2006 (UTC)[reply]
So what? The user:UofT edit above is not vandalism. Does Wikinews allow for sockpuppets or not? WikiMediaFoundation policy does seem to allow for sockpuppets. If Wikinews is to stay within keeping of the foundation's policies, then it also should allow for sockpupputs, and not go on witch hunts. -Edbrown05 03:39, 13 June 2006 (UTC)[reply]
Edbrown05, sockpuppets are not prohibited -- the use of sockpuppets to evade a block is prohibited. This is Amgine's assertion -- that the above user is attempting to evade a block. --Chiacomo (talk) 03:50, 13 June 2006 (UTC)[reply]
right. WP:Sock puppetry says "Users who are banned from editing or temporarily subject to a legitimate block may not use sock puppets to circumvent this. Evading a ban in this manner causes the timer on the ban to restart, and may further lengthen the ban." Doldrums 03:51, 13 June 2006 (UTC)[reply]
Point 3 in the Operation Guidelines: 'Please do not list cases involving "throwaway" accounts that are only used for a few edits.' So far User:UofT is at three (3) edits. --vonbergm 03:44, 13 June 2006 (UTC)[reply]
I agree. --Chiacomo (talk) 03:50, 13 June 2006 (UTC)[reply]
yep. the reasonable thing to do, i think, is, having warned nuet, lengthen the ban on him on every instance of suspected sockpuppetry, but allow the suspect-puppet or neut to ask for a checkuser to clear their name, if the accounts are not indeed socks (this means that a clear message needs to be left on the sock's talk page instructing them on how to request such a thing.) and do not run checkusers for every suspected sock. Doldrums 03:51, 13 June 2006 (UTC)[reply]
Let alone the little detail Neutralizer's last edit under his name is not in the logs any more, and there are only few left in the logs for Yrtsihpos, so we will have to compare UofT's IPs with Redman's, or maybe with possible socks of Redman. Using checkuser to confirm that UofT is a sock of a sock of a sock of Neutralizer and use this to claim that Neutralizer is evading a block sure makes a lot of sense. Of course, if I look up the validity behind such a request for this in my gut instead of a statistics book, then... --vonbergm 04:18, 13 June 2006 (UTC)[reply]

This is really mushy policy --> you can sock puppet if nobody cares, but you can't sock puppet if somebody cares <-- it's instuction creep. Either sock puppets are okay, or they aren't. -Edbrown05 05:18, 13 June 2006 (UTC)[reply]

not really mushy. the (WP, meta) policy is simply, u can sockpuppet, but not misuse the sock(for multiple votes,psuedo-consensus,evading blocks). Doldrums 05:25, 13 June 2006 (UTC)[reply]

Huh? Are you or are you not a sock puppet? If you are, then get off of my cloud. -Edbrown05 06:18, 13 June 2006 (UTC)[reply]
This is current policy, you can act like you are somebody else except when it comes voting or disrupting community "processes". -Edbrown05 08:05, 13 June 2006 (UTC)[reply]
Crap policy when you see it. -Edbrown05 08:47, 13 June 2006 (UTC)[reply]
I'd like to know who is who... after that i thought I'd say more, but there really isn't much more to say. -Edbrown05 08:56, 13 June 2006 (UTC)[reply]
I have to agree with Doldrums, checkuser is supposed to be a last option, this user hasn't caused enough trouble to really be a first option (IMHO). Bawolff ☺☻  16:28, 17 June 2006 (UTC)[reply]

Briefs vandal

edit

Can anyone find out where the following vandals come from: Scheleswig (talkcontribs (logs)block (block log)) Milkyboy (talkcontribs (logs)block (block log)) Break Dancing (talkcontribs (logs)block (block log))

My talk page has been vandalised by these vandals.

It would be good to know. --Gold-Horn 18:59, 12 July 2006 (UTC)[reply]

They appear to originate in geographically different parts of the world -- I suspect they are open proxies. I will make an abuse complaint to the various ISPs. --Chiacomo (talk) 23:09, 12 July 2006 (UTC)[reply]
Add Johnny Solcocker (talkcontribs (logs)block (block log)) to the list - and see the edit summaries this user produced. --Gold-Horn 09:08, 14 July 2006 (UTC)[reply]

WoWs

edit

Kings ON WHEELS!!! IS COMMUNSM (talkcontribs (logs)block (block log))

Give up Deprify, enjoy being on wheels instead! (talkcontribs (logs)block (block log))

Willy is back, with ferrari wheels! (talkcontribs (logs)block (block log))

WILLY ON WHEELS! BLOCK ME IF YOU CAN! (talkcontribs (logs)block (block log))

August 20 2006, Two years of WHEELS! (talkcontribs (logs)block (block log))

Breaking news: WIlly on Wheels is back to vandalize Wikinews! (talkcontribs (logs)block (block log))

Nanny on Nails (talkcontribs (logs)block (block log))

Charlie on Chalk (talkcontribs (logs)block (block log))

Tony on Tags (talkcontribs (logs)block (block log))

Requesting check and release of the IPs of the aformentioned usernames per 3.1.5. of the privacy policy. Could lead to an abuse complaint to xyr ISP or at least to a few open proxy blocks. --Deprifry|+T+ 10:59, 4 July 2006 (UTC)[reply]

The ip is 195.188.152.16. This ip has not been used for anything but WoW. --Cspurrier 13:51, 4 July 2006 (UTC)[reply]
Thank you. --Deprifry|+T+ 15:07, 4 July 2006 (UTC)[reply]

Cspurrier, please explain how this request complies with checkuser policy, in particular

  • Obvious sock puppets may be treated as such without using checkuser and more importantly
  • Generally, do not reveal IPs.

--vonbergm 22:07, 4 July 2006 (UTC)[reply]

The goal was not to determine whether they are socks (this is indeed obvious) but to figure out whether they use a common IP so that a targeted block could be applied and a complaint with the vandal's ISP could be lodged. As I have already pointed out, this is permissible by per 3.1.5. of the privacy policy.
Quote

Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers
--Deprifry|+T+ 22:14, 4 July 2006 (UTC)[reply]
Thanks, makes sense. --vonbergm 05:31, 5 July 2006 (UTC)[reply]
Sorry, it looks like I overlooked something, Nanny on Nails (talkcontribs (logs)block (block log))Charlie on Chalk (talkcontribs (logs)block (block log)) and Tony on Tags (talkcontribs (logs)block (block log)) are using the ip 82.32.39.101. Kings ON WHEELS!!! IS COMMUNSM is using 82.42.145.158.--Cspurrier 00:18, 6 July 2006 (UTC)[reply]
I don't necessarily support releasing IP information in this manner. It could be released to only one inidividual (the person wishing to make the complaint to the ISP), or the person performing the CheckUser could make the complaint himself... Based on my conversations with board members, I don't think the blanket release of IPs was their intention. I don't feel strongly about this, by the way. :D --Chiacomo (talk) 02:19, 6 July 2006 (UTC)[reply]
I am somewhat uncomfortable with the release of ips, but I believe the privacy policy does support it. I would never release the ip address of any user unless they are committing serious vandalism and even then only if the ip has not been used for legit edits. I do not see much of a problem with this particular case, because the ip has only been used for vandalism, the ip is already known as a WoW ip (see pedia) and anyone could figure it out from the block log. --Cspurrier 02:28, 6 July 2006 (UTC)[reply]
True, true, true. This is an obvious case where it's probably okay. :) --Chiacomo (talk) 03:06, 6 July 2006 (UTC)[reply]
Except I am a legit contributor from 82.42.145.158. --Gold-Horn 08:38, 6 July 2006 (UTC)[reply]
Ok, good to know. You did not show up in the checkuser because of the time since your last edit. --Cspurrier 15:08, 6 July 2006 (UTC)[reply]

OakMokeRoke et al

edit

Recently there was page move vandalism from OakMokeRoke, as well as an article on a 144 year old man. I deleted this, then a series of users recreated it and advocated for it to be kept. I want to see if the following are the same person, or if some of them are, or if they're different.

this is messedr͏̈ocker (talk) 23:18, 5 July 2006 (UTC)[reply]

They are all the same user --Cspurrier 00:12, 6 July 2006 (UTC)[reply]
Heh. Thank you, Craig. —this is messedr͏̈ocker (talk) 00:19, 6 July 2006 (UTC)[reply]
That's weird, they created a hoax and then reported it?! 68.39.174.238 23:38, 25 July 2006 (UTC)[reply]
No they didn't, they kept creating them and I caught them in the act. I deleted the articles for being hoaxes and protected them from recreation. —this is messedr͏ocker (talk) 23:39, 25 July 2006 (UTC)[reply]

Doppelgangers

edit

There has been a rise in doppelgangers, so I want to see if they're all related or what.

this is messedr͏̈ocker (talk) 22:29, 6 July 2006 (UTC)[reply]

They all match, and they are also using the same ip as a few other vandals/trolls --Cspurrier 22:34, 6 July 2006 (UTC)[reply]
This is an interesting twist. First MyName maliciously impersonates other users and vandalises Wikinews and then he creates another troll account just to "help" them (or himself rather). Gutsy. --Deprifry|+T+ 22:41, 6 July 2006 (UTC)[reply]
How did you infer that the doppelgangers belonged to MyName? —this is messedr͏̈ocker (talk) 22:42, 6 July 2006 (UTC)[reply]
The IP that was just blocked belongs to him. --Deprifry|+T+ 22:44, 6 July 2006 (UTC)[reply]

The latest vandal attacks

edit

I've really had enough of these vandal attacks. I'd like a CheckUser on the following users and have their IPs indefinitely blocked until a complaint letter can be sent off to the ISP(s).

this is messedr͏̈ocker (talk) 00:13, 8 July 2006 (UTC)[reply]

The ip is the same as a few requests up 82.42.145.158. It however does have a legit user, so blocking should be avoided. It probably belongs to a school, library or other public access point. --Cspurrier 00:21, 8 July 2006 (UTC)[reply]
I'll traceroute the IP and see what I can do. —this is messedr͏̈ocker (talk) 00:23, 8 July 2006 (UTC)[reply]
Don't worry; the vandals are gone! Shouldn't happen again... --Gold-Horn 11:28, 8 July 2006 (UTC)[reply]

User:MyName reports that his account was hacked and used to vandalise my user page [1]. However, as you can see this was actually done from his IP, 216.164.203.90 (talkcontribs (logs)block (block log)), which has been consistent for this user on many wikis including those on which he is permanently banned for repeated vandalism. This would indicate that it was his computer which was hacked, and which has been used to vandalise.

In the interests of security, we should do a check user on his account and IP to determine if the person who used his computer has in fact hacked or created other accounts, which should then be blocked indefinitely as they could otherwise be a risk for further vandalism. - Amgine | talk en.WN 01:21, 24 July 2006 (UTC)[reply]

I completely agree with Amgine. If other accounts have been created out of my IP they should be infinitely blocked, because I in no way approve of them. Also, I approve of a block on my IP that prohibits account creation. MyName 01:27, 24 July 2006 (UTC)[reply]
Nothing useful from the checkuser other then what we already know--Cspurrier 03:02, 24 July 2006 (UTC)[reply]

I ran a checkuser on User:Tomos locked out! after learning that User:Tomos was not in fact locked out. User:Tomos locked out! used three ips, an open proxy to create the account (now blocked), a probable open proxy to leave messages on a few talk pages and the same ip (216.164.203.90) as user:MyName for two small edits. This ip should probably be indef blocked (as it is on most other Wikimedia projects)--Cspurrier 17:16, 30 July 2006 (UTC)[reply]

Agreed. --+Deprifry+ 17:31, 30 July 2006 (UTC)[reply]

Rezilartuen

edit

I highly suspect that Rezilartuen (talkcontribs (logs)block (block log)) is a sockpuppet of Neutralizer (talkcontribs (logs)block (block log)) because Rez nominated Neutralizer for adminship, is involved in the same discussion, and he seems to support Neutralizer's beliefs of enforcing a NPOV. The clincher, however, is that Rezilartuen is Neutralizer backwards. —this is messedrocker (talk) 22:30, 27 August 2006 (UTC)[reply]

Neuty is now covering his ass. "I'm honoured but must reject the nomination. Thanks so much for the thought" Newsgather 22:31, 27 August 2006 (UTC)[reply]
Rezilartuen (talkcontribs (logs)block (block log)) and Newsgather (talkcontribs (logs)block (block log)) share an ip. There is however no match what so ever between Rezilartuen and Neutralizer.--Cspurrier 00:59, 28 August 2006 (UTC)[reply]
The Newsgather account came later, so is that a sockpupet? —this is messedrocker (talk) 01:05, 28 August 2006 (UTC)[reply]
I would just like to say that I doubt its a sock puppet of neut.He's done a lot of things that are stupid (including socks) but he's not that stupid. I think its someone just trying to cause confussion, or make neut look bad. Bawolff ☺☻  02:45, 28 August 2006 (UTC)[reply]
Did anyone else notice that "Rezilartuen" is "Neutralizer" spelt backwards? It appears to me that someone (who is probably familiar with the "Sophistry" "Yrtsihpos" episode is doing this to deliberately discredit Neutralizer, who, I believe, is not foolhardy enough to try the same trick again. PVJ(Talk)  05:00, 28 August 2006 (UTC)[reply]
This looks like another MyName game. The IP that was used now (User:216.164.203.122) is in the same range as his previous one (User:216.164.203.90). Looks like he's got himself a new address. But seeing that you just blocked him, I figure you already know that. --+Deprifry+ 07:33, 28 August 2006 (UTC)[reply]

The Nullifier

edit

After making some edits to an article, he then does a vandalism spree on User:Amgine. I warn him, then he replies "how can I be blocked if I'm banned?" I want to see if The Nullifier (talkcontribs (logs)block (block log)) is actually a sockpuppet of Neutralizer, who was banned. —this is messedrocker (talk) 04:23, 1 September 2006 (UTC)[reply]

User:The Nullifier and User:PUBLIC ENFORCER are the same person. I cannot confirm that these individuals are User:Neutralizer. --Chiacomo (talk) 04:28, 1 September 2006 (UTC)[reply]
User:Ban Lifted is the same as the above users. None appear to be Neutralizer. Different ISPs, totally. --Chiacomo (talk) 04:45, 1 September 2006 (UTC)[reply]
I have bannned Ban Lifted indefinately. Jason Safoutin 04:48, 1 September 2006 (UTC)[reply]
The ISP is RCN in Pennsylvania, the same one that MyName uses. --+Deprifry+ 07:59, 1 September 2006 (UTC)[reply]

Please determine whether this account is the sockpuppet of any established user. --+Deprifry+ 10:07, 6 October 2006 (UTC)[reply]

Same isp range as Neutralizer and also an exact match to new user user:Liberalcannuck--Cspurrier 13:36, 6 October 2006 (UTC)[reply]

This name is Amgine but spelled backwards. I was on Amgine's journowiki website for like a minute and noticed that the journowiki main page said: "Thanks to our founder Engima." Please determine whether this account is a sockpuppet of Amgine. FellowWikiNews (W) 23:22, 8 October 2006 (UTC)[reply]

Enigma last edit is to long ago for a checkuser, however there are a very strong odds that this is user:MyName --Cspurrier 23:45, 8 October 2006 (UTC)[reply]
Amgine was the one that put: "Thanks to our founder Engima" on the journowiki main page. Why would he do that? FellowWikiNews (W) 00:05, 9 October 2006 (UTC)[reply]
Enigma was a joke nickname for him (his name is Enigma backwords) --Cspurrier 01:30, 9 October 2006 (UTC)[reply]

Potential Neutralizers

edit

I would like to request a CheckUser of the following IP addresses, as they have been caught in the act of making comments either very similarly to the now-banned user Neutralizer or just plain immature and unacceptable.

Contingent that these IPs are indeed Neutralizer evading his ban, then I move that Neutralizer's ban be extended indefinitely. —this is messedrocker (talk) 22:00, 8 October 2006 (UTC)[reply]

No exact matches, however the ips are in the same range. It is extremely likely that the ips are User:Neutralizer. Neutralizer has already evaded his block by using 70.50.76.118 (talkcontribs (logs)block (block log)) a 100% match--Cspurrier 22:07, 8 October 2006 (UTC)[reply]
Probable sock puppet of Neutralizer. Jason Safoutin 02:16, 13 October 2006 (UTC)[reply]
ISP/City/Range match --Cspurrier 02:23, 13 October 2006 (UTC)[reply]

Suspected Neutralizer sockpuppet. Just so I can stick a pin in it and label it. --Brian McNeil / talk 18:38, 14 October 2006 (UTC)[reply]

Can't confirm that this is Neutralizer. ISP/City/Range match. --Chiacomo (talk) 19:03, 14 October 2006 (UTC)[reply]

This user voted against my RfDA, and is apparently a suspected sockpuppet of Neutralizer. However, I doubt whether Neutralizer would try the "lateral inversion" thing yet again (Tohstsalstuen spells Neutslastshot backward), and would certainly not mention that he lives in Canada on his userpage. I ask that Checkuser be applied to sort out this matter and clear Neut's name. PVJ(Talk)(Articles I have written)   17:52, 22 October 2006 (UTC)[reply]

User:الموت_على_الاسلام and Tohstsalstuen are using the same ip, an open proxy. It really does not matter whose sock it is, they are someone's sock and therefore not eligible to vote. It may be User:Myname or Neutralizer, because of the use of open proxy we can not be sure.--Cspurrier 17:58, 22 October 2006 (UTC)[reply]
user:Cowicide is also known to use open proxies as well...Mass amounts if I remember correctly. Jason Safoutin 22:40, 23 October 2006 (UTC)[reply]

Edits, attitude, beliefs and same kind of hostility as user: User:Neutralizer and User:Cowicide. Already made personal attacks on Rfda pages as well as telling users/Admins. on his talk page to "get lost." Jason Safoutin 22:43, 23 October 2006 (UTC)[reply]

I recommend not checkuser'ing. This contributor is well-known on Wikipedia, and has been known to get into hot water even there with allegations of incivility and personal attacks. I see no reason to assume that this user is either Neutralizer or Cowicide users. -- IlyaHaykinson 23:13, 23 October 2006 (UTC)[reply]
Also, Neutralizer liked PVJ. —this is messedrocker (talk) 23:15, 23 October 2006 (UTC)[reply]
Possibly, but the user has only contirbuted, if you want to call it that, to nothing but the Israel discussion, and the Rfdas. Jason Safoutin 23:18, 23 October 2006 (UTC)[reply]
Because he was lured over by this. —this is messedrocker (talk) 23:19, 23 October 2006 (UTC)[reply]
Many vandals or socks or whatever are lured over from off-Wiki sites. Remember IndyMedia? That was a while ago and will take some searching but if I recall it was about taking over the Admin on WN or sabotaging the project? Thats how most trouble makers get lured to WN. And then their contrbutions are anything but positive. Jason Safoutin 23:23, 23 October 2006 (UTC)[reply]
And what does this have to do with Dan being a sockpuppet? —this is messedrocker (talk) 23:37, 23 October 2006 (UTC)[reply]
Why come from one site to the next to cause intentional trouble? There is always a motive more than just a few words. Jason Safoutin 23:38, 23 October 2006 (UTC)[reply]
Daniel is a problematic user on the English Wikipedia (There is currently an ongoing RfC about his actions there) as well, but he is almost certainly not a sockpuppet of anyone. JoshuaZ 00:04, 24 October 2006 (UTC)[reply]
Another Personal Attack on WN:AAA Thunderhead(talk) 00:25, 24 October 2006 (UTC)[reply]
You can just checkuer any new confrontational user with all existing confrontational users. fyi, This is maybe one of the silliest checkuser requests i've seen. Nyarlathotep 13:08, 24 October 2006 (UTC)[reply]

archived 1 april

edit

Please determine whether this IP is used by any established user. --+Deprifry+ 15:48, 12 January 2007 (UTC)[reply]

Please determine whether these accounts were created by User:MyName. FellowWikiNews (W) (sign here!) 00:47, 2 March 2007 (UTC)[reply]

No match to the old MyName ips, but very well may be a match to MyName. The first three match and the forth is not a vaild username.--Cspurrier 00:58, 2 March 2007 (UTC)[reply]
I fixed the last one. [2] Please determine if he, which he probably is, MyName. Thanks for the quick responce :) FellowWikiNews (W) (sign here!) 01:01, 2 March 2007 (UTC)[reply]
The last one matches to the others. MyName edited long enough ago that I can not actually confirm it, but it is probably MyName. --Cspurrier 01:09, 2 March 2007 (UTC)[reply]

Please determine whether these accounts were created by User:84.45.219.185 or IPs from the same ISP. [3] [4] FellowWikiNewsie 16:58, 28 March 2007 (UTC)[reply]

Also check out user:Batman54 as he created the article "Sandra Ordonez" minutes after User:Colsser did. FellowWikiNewsie 18:04, 28 March 2007 (UTC)[reply]
All users share an ip address --Cspurrier 18:55, 1 April 2007 (UTC)[reply]
Thanks. FellowWikiNewsie 19:00, 1 April 2007 (UTC)[reply]

Please determine whether this IP is used by any established user on Wikinews. Thanks. FellowWikiNewsie 23:28, 24 April 2007 (UTC)[reply]

  Done Found no matching users Brian | (Talk) | New Zealand Portal 07:32, 25 April 2007 (UTC)[reply]

I'm suspecting sockpuppetry on this case, two poop related vandalisms. By Trev here and by Timberland here. Both within 15 minutes. —Zachary talk 04:18, 25 April 2007 (UTC)[reply]

  Done, you were correct, they a they are from the same user. I have found others as well Brian | (Talk) | New Zealand Portal 07:33, 25 April 2007 (UTC)[reply]

Please check to see if this user uses this IP. FellowWikiNewsie 22:41, 5 May 2007 (UTC)[reply]

A match, its also a 100% match to User:MyName. Also a match to new users Jaxl and Poetlister (more impersnation attempts) --Cspurrier 22:48, 5 May 2007 (UTC)[reply]

Would like this account to be checked against any existing Wikinews accounts for a possible sock puppet(s). DragonFire1024 17:58, 9 May 2007 (UTC)   Done Found nothing Brian | (Talk) | New Zealand Portal 19:40, 9 May 2007 (UTC)[reply]

Please check to see if these users are sockpuppets and/or have edited on Wikinews before. FellowWikiNewsie 17:27, 10 May 2007 (UTC)[reply]

He has. See here --+Deprifry+ 17:30, 10 May 2007 (UTC)[reply]
I was told by Brianmc that ิพรฟืทแ is him. It is the result of his keyboard set to Thai, and typing his username. —Zachary talk 17:37, 10 May 2007 (UTC)[reply]

  Done proved it is Brianmc sock :) (jks), and I cannot find any thing for the second user. Brian | (Talk) | New Zealand Portal 05:22, 11 May 2007 (UTC)[reply]