Check User Policy
The action of CheckUsers must follow the objective of combating fraud attempts and blocking bypasses. The CheckUser must place the protection and preservation of the privacy of contributors as a priority in his work.
General principles
CheckUsers act only after a reasoned request from a third party on the public page VD:RCU (except in the cases stipulated in the exceptions paragraph).
CheckUsers may include:
➔ On accounts, to look for a link with another specific account, in a case of proven suspicion.
➔ It is allowed to scan accounts in the verified contributor's IP range for matches. If the search is positive, any dormant accounts that may be detected can be revealed and blocked.
It is forbidden to:
➔ Perform a CheckUser on an IP address to find out the user account of the person contributing under IP, except in case of mass harmful actions.
➔ Use the tool to try to intimidate contributors.
➔ Perform a CheckUser that you have requested yourself.
➔ Disclose personal information if it is not strictly necessary and essential. If personal data is to be published, it must be kept to a strict minimum. It will be necessary to favor the pseudonymization of the data, indicating for example "same ISP, same geographical area" and not "the accounts have their IP at Orange and are located in Courbevoie".
➔ Perform a CheckUser without valid reason, or contrary to the rules.
Before processing the request, a CheckUser must:
➔ Verify that the request is justified by the demander, and that these justifications are good.
➔ Be sure that verification is necessary.
CheckUser is required if:
➔ Suspicions of circumvention of blocking a precisely identified account,
➔ Suspicions of fraud between several precisely identified accounts, use of abusive sockpuppets,
➔ Necessary for the fight against spam (to be able to block a spam IP).
➔ Justified suspicions of usurpation of an account, on various versions of the project. The contributor must have a reasonable time in order to be able to prove that it is not a usurpation, and avoid user verification. Nevertheless, the verification can be done quickly, if the data is about to be deleted automatically.
Any CheckUser who discovers an irregularity of another CheckUser in the application of these rules is required to report it to the Vikidia association as soon as possible.
CheckUser as part of password reset
When a user requests to recover his account, after having forgotten his password without being able to recover it by himself, a verification must be carried out to ensure that the technical data of the applicant corresponds to those of the account concerned. The verification should preferably be done from the account or ip saying he lost his account, to see if the lost account appears in the data.
CheckUser without query
The Vikidia association may, in case of necessity and at the request of one or more CheckUsers, grant derogations from this policy allowing verifications to be carried out without request. The list of these exceptions is public, and the reasons for presence specified.
Verifications are performed without request only if it is obvious that the account being checked belongs to the vandal on the list, and is used to directly and massively harm the encyclopedia. At a minimum, this list of exceptions shall be reviewed by the Board in order to remove items that are no longer needed.
Checks without a request are also allowed in emergency situations, when a user threatens to commit a crime or put himself in danger, in order to warn the competent authorities. In this case, the CheckUser shall be authorised to transmit the information to the competent authorities. He reports precisely on his actions after the emergency has passed. It is also allowed to perform such a check without request on bots clearly identified as spammers in order to be able to block its IPs.
This document is made public. It applies to all versions of Vikidia, and can be reinforced by local provisions.