User talk:Odder

From Wikimedia Commons, the free media repository
Jump to: navigation, search
Busy desk.svg I am busy in real life and might not respond swiftly to queries.

For urgent oversight matters, please write to oversight-commons@lists.wikimedia.org.

If you require the assistance of a bureaucrat, please leave a message at the bureaucrats' noticeboard.

If you seek the help of an administrator, please leave a message at the administrators' noticeboard.

Archives: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

Access to non-public Wikis[edit]

Hi Odder,

I noticed two edits of yours, [1] and [2], that suggest you do have access to OTRS Wiki. OTRS Wiki, as you know, is a closed, non-public Wiki, and, according to the logs, your OTRS Wiki account was closed on July 3, 2014. As you also know, content on OTRS Wiki is to be treated confidential per the General disclaimer (otrswiki:Project:General disclaimer) and may not be shared with third parties. It is for that reason astonishing to see you be able to quote verbatim from OTRS Wiki discussions and provide information about a user's contributions on a Wiki that, technically, you shouldn't be able to access. Following your posts, a number of users turned contacted me or, from what I hear, other members of the OTRS admin team, expressing their fear that other information, including personal information about themselves, could also potentially be accessible by third parties (real names, email addresses etc.), and two have expressed concerns about their personal safety as a result of such breach of privacy.

There are many possibilities on the table how you could have gained access to the contents. It may be possible that an OTRS Wiki user provided you with the information, though [3] rather suggests said user(s) provide(s) you with confidential information at least on a constant basis or that you have direct access to the Wiki. This may be, for instance, due to a current OTRS user sharing their account with you; due to you compromising a current OTRS agent's account, or due to you compromising WMF server systems in an effort to gain access to private Wikis. As you are probably aware, regardless of which option it is, it is a grave violation of OTRS Wiki's privacy policies. I am nonetheless confident that, as a Commons bureaucrat entrusted with oversight rights, you are also interested in identifying the user(s) responsible for that violation of privacy and confidentiality rules, so that OTRS agents no longer need to fear a third party releasing information that may potentially cause harm or considerable trouble to them or customers -- after all, OTRS Wiki is commonly used as a platform to discuss the handling of difficult BLP cases or similarly sensitive matters. Therefore, I ask you to disclose how you got hold of the information. You may, of course, do so in private by emailing the OTRS admin team at volunteers-otrs@wikimedia.org (in the interest of transparency, I will suggest to the admin team to disclose relevant details in public if they do not place agents or third parties in danger). I would also like to know whether you provided other individuals with confidential information that has, at some point, been obtained in breach of privacy and confidentiality rules of OTRS Wiki.

Many thanks in advance for your help in investigating this, — Pajz (talk) 17:22, 8 February 2015 (UTC)

Hi @Pajz, thank you for the questions and the detailed background information. Please note that as I do not have an account on the OTRS wiki, I am not bound by any policies that are in effect there. I understand that I am bound by the general Terms of Use and, as a Wikimedia Commons oversighter, by the access to nonpublic data policy; however, I am not aware of having broken either of them. I sincerely hope this answers your questions. Yours cordially, odder (talk) 21:55, 8 February 2015 (UTC)
Hi Odder, don't you think that it would be appropriate per the nonpublic data policy point one to keep nonpublic texts covered by this policy private even if you received this from someone else? As oversighter you are bound to this policy, aren't you? Regards, AFBorchert (talk) 22:42, 8 February 2015 (UTC)
@AFBorchert: No, I don't think so. The access to nonpublic data policy does not apply to the text of the OTRS wiki (as opposed to any private data included there) as it is not covered by the privacy policy. odder (talk) 23:31, 8 February 2015 (UTC)
Odder is completely correct, the policy is being read improperly. Point 1 restricts access to "nonpublic data" to persons whose identity is known, but is clear that "nonpublic data" is referring to what is covered by the Privacy policy, and that is personally identifying information. Merely that some data is not generally released to the public is not enough to create coverage by the policy. If a policy is going to be considered to be "binding," it had better be explicit and clear. This isn't even close.
In fact, it looks to me like OTRS discussions, aside from certain personally-identifying information, are excluded from the Privacy policy. See wmf:Privacy_policy#What This Privacy Policy Does & Doesn't Cover
Other users. We provide several tools that allow users to communicate with each other. The communications may be covered by this Policy while they pass through our systems, but the users who receive these communications, and what they do with the communications once they receive them, are not covered by this Policy. Examples include:
  • posting to Foundation-hosted email lists;
  • requesting support from volunteers through our online ticketing system (email sent to info[at]wikimedia.org goes to this system);
  • emailing other users through the Wikimedia Sites (for example, by using the "Email this user" feature); and
  • chatting on IRC (such as on the #wikipedia channel).
The WMF Privacy policy does not cover disclosure of discussions between volunteers on mailing lists, IRC, or OTRS. --Abd (talk) 02:59, 9 February 2015 (UTC)
There exist a special policy for the otrs-wiki which declares everything there to be strictly confidential. I expect Odder to be familiar with that as he was an OTRS member. And I certainly would expect from any functionary (CUs, oversighter, OTRS member) to respect these special privacy policies regardless if there is direct access or if it comes through someone else. --AFBorchert (talk) 06:00, 9 February 2015 (UTC)
I assume that Odder would have an obligation with respect to any information he received while a member, if he received information under his consent to that policy, but that such an obligation would not extend beyond that, to information received outside of his membership. Nothing so far has been alleged that would be a violation of WMF policy. By far the most likely occurrence here is that an OTRS member decided that it was important to disclose the behavior of an OTRS member to Odder or others, as it related to Commons, and from what we have seen, I would agree. I also assume that Odder, as a 'crat and oversighter, and 'crats and oversighters often receive information confidentially, would not reveal the source of any information provided to him with an expectation of privacy, and therefore cannot reveal more. The badgering here is inappropriate and uncivil.
It seems that some are surprised that information like what Odder noted might leak from a body of about 400 volunteers. The privacy of OTRS discussions is not guaranteed by the WMF, explicitly, as to communication between members, and this applies to email lists and IRC. --Abd (talk) 01:33, 14 February 2015 (UTC)
  • Please clarify: Have you onwardly distributed any information obtained from the OTRS wiki (or any other source) where there is a constraint in place on at least some people who have recognised access to that source, such that they would not (by policies applicable to them) distribute that information any further?
From your comments above, I understand that 1) you have gained access to such information 2) you have distributed that information and 3) you regard such as acceptable because (as someone who shouldn't even have had access to that information in the first place) you don't feel bound to respect the confidentiality and non-distribution restrictions that are imposed upon those who do rightly have access to it. Is this a correct summary?
You might obviously realise that your behaviour in such a way would raise concerns! Andy Dingley (talk) 00:35, 9 February 2015 (UTC)
"Objection, your honor! The prosecuting attorney is badgering the witness!"
  1. Odder wrote: "...the recent discussions on the OTRS wiki, which luckily have been leaked, make it plainly clear that at least some OTRS agents have a different view on the matter." This was linked above and misrepresented as "you have access." It implies the opposite, that discussions have been leaked. And he shows that what has been leaked is worrying, as it would be to anyone who imagines that the communities run the wikis.
  2. Odder revealed some snippets of what had been leaked.
  3. Odder has not stated his position. People encounter situations where there are conflicts of obligations. Whistle-blowers in general run into this. They may reveal confidential information in pursuit of public welfare. Most people recognize that one may need to break a minor obligation in order to fulfill a major one. The choice of leaking information was not Odder's, and he is not responsible for it. I watched the Wikipedia ArbComm use and enshrine, as copies, hacked emails from the Eastern European Mailing List, clearly provided to them in violation of an expectation of privacy on a private mailing list. The situation is quite analogous. It is obvious, then, that much of the community thinks it's fine to use data obtained in violation of naive privacy rights. Unless it is their ox being gored. (Oh, did they scream when, later, it was the ArbComm mailing list that was hacked and spread all over Wikipedia Review.)
Odder had no obligation to keep that information private. If posting it here was harmful, that's another issue, as would be any harmful action. Odder has absolutely no obligation to reveal how he obtained the information. He may, indeed, have confidentiality agreements that he made. People in his position ('crat and oversighter) are often fed information by people who request anonymity. It is highly offensive to hector Odder, to attempt to bully him into disclosure. By the way, the response here validates what he passed on. Brilliant. Was that authorized by the OTRS community, or are the users who came here vigilantes? If an inquiry was going to be made like this, wouldn't it be private? I guess it's hard to find good help. --Abd (talk) 02:59, 9 February 2015 (UTC)
I have never claimed he has an "obligation to reveal how he obtained the information" under any policy. I have asked him to reveal how he obtained the information, because, while you may think it's a joke, there is confidential data on OTRS Wiki, including the real names of agents and details about BLP issues that are anything but public. If you're on the position is that it's not "relevant" whether random third parties have access to that and spread the information as they like, and that nobody should worry about that because, hey, who cares, they are not bound by any policy (why bother? Good people have nothing to hide!), then I shall only point out that such a careless attitude towards privacy and confidentiality rules is not shared by me. Also, it's revealing how you put what happened under your no. 2: He has "revealed some snippets of what had been leaked" -- oh, how comforting. So, do you have details of just what exactly "had been leaked"? A full copy of OTRS Wiki? An account password? It's a bit as if someone publishes excerpts from a company's customer database, and you tell customers "Don't worry. Well, someone apparently does or did have access to your data, dunno, but surely your data is safe! What, you want us to investigate that? Oh, nah, we don't really want to do that, gotta protect the whistleblower, so let's better not ask questions. You know, everyone knows it's sometimes necessary to 'break a minor obligation in order to fulfill a major one' and overstep your 'naive privacy rights.' Don't worry! Hope you understand!" Finally, no, my questions to odder were not "authorized by the OTRS community" -- these are my questions, and I don't need anyone's approval for asking them. I did expressly say, however, that Odder may turn to the OTRS admin team in private and provide his answers to them as opposed to doing so on a public page. — Pajz (talk) 07:35, 9 February 2015 (UTC)
Not a joke. There is confidential data covered by privacy policy on OTRS. There is no information that it has been revealed to Odder. No, I have no details, only this discussion here, evidence provided here, plus review of policy. It is not as if hacked customer information was revealed. You are using inflammatory examples. What Odder revealed was something that I think we all should know. And it is very possible that a majority of the OTRS team does not want us to know that. But the OTRS team is volunteer. Any member of the team could reveal confidential information. If harm were caused, the harmed person could have a cause of action against the leaker.
The issue here is not "customer information" at all. OTRS is given privileges, by the community, because we have trusted it. We see, from what Odder revealed, that OTRS may be acting contrary to the interests of the community. That's a guess, not a fact, but seeing the attempt to attack the revelation of fact, the guess is strengthened. Thanks for saying you were not acting on behalf of OTRS. "Revealed snippets" was just fact, not an argument deprecating revelation.
The basic issue here is trust, and a protection against secret fora being used contrary to the interests of the community is that it might be revealed. An expectation that comments on OTRS will not become known to the community is an unrealistic expectation. These are volunteers, many of them loyal to the community.
Pajz, You are not demonstrating sound judgment. Notice: I have read the evidence provided here. I only knew that these leaks existed because of this discussion. I know, on other wikis, when I see a privacy problem, never to raise it on-wiki. It's not uncommon that I request revision-deletion by email, it's handled quickly. Basically, if making OTRS activity public violates policy, the inquiry here violates policy, more seriously. --Abd (talk) 17:30, 9 February 2015 (UTC)
Dear Abd, I'll be brief since the premise itself is wrong; you are incorrect insofar as you assert that there is "no information that it [confidential data covered by privacy policy] has been revealed to Odder." The reason is that you are, apparently, referring solely to the wmf:Privacy Policy. That makes no sense (of course) because at least emails stored in OTRS itself, as you emphasize correctly, aren't even directly covered by that policy. However, OTRS Wiki (by virtue of being a non-public Wiki) has its own policies governing the transmission of content to third parties; the very first sentence of the confidentiality notice/general disclaimer reads, in bold, "PLEASE READ THIS AGREEMENT CAREFULLY, BY YOUR USE OF THIS WEB SITE OF THE WIKIMEDIA FOUNDATION, INC. YOU AGREE TO KEEP ALL PERTINENT INFORMATION OBTAINED HEREIN STRICTLY CONFIDENTIAL" (uppercase in original). It is undeniable, as a matter of principle, that somebody at some point has violated said policy, be it Odder (by gaining access to the Wiki) or someone else providing information to Odder. Now, as to your other suggestions, I shall point out that, unfortunately, you fail to see the problem at hand. The problem is not necessarily Odder quoting these two passages, but the fact that he has access to the content in first place. I refer you to my above analogy. If some hacker (X) releases parts of a company's confidential customer database, and let's even assume for the sake of the argument that the released parts are not particularly problematic, the company's customers would nonetheless -- and justifiably so -- all be freaking worried because the very fact that X could release parts of the database (no matter if they are in itself problematic or not) reveals that X can either access the database or that someone in the company is transmitting confidential data to X. Applying your logic, of course, it's all easy -- business as usual, nothing to worry about. Here's where we differ. Coming back to our issue here, I think we have a responsibility to third parties who messaged OTRS and whose confidential requests have in the past been discussed on Wiki and we cannot ignore the possibility that other people may have access to that. You don't want to dig deeper here, and that's ok. It's just important someone does. — Pajz (talk) 13:58, 10 February 2015 (UTC)
  • Abd, your world of "judges" and the rest of us as mere "flies" is a strange one, that I do not recognise from Commons.
If Odder wished to BEADWINDOW that OTRS was leaking, then he could do that without repeating such information in a public forum. I do not believe it demonstrates good judgement to do so. Odder is required to show good judgement, if he is to retain the extra powers granted to him here. As this is now the third time (just to my recent knowledge) that he has demonstrated what appears to be very bad judgement, I have to question whether he should retain those powers. Andy Dingley (talk) 10:54, 9 February 2015 (UTC)
The comments above ("flies" taken out of context to create incivility) and the entire attitude shown, of tendentious hostility, are reasons why I made a choice years ago to abandon Wikipedia activity. It involves dealing with this, over and over. Odder is a volunteer here. His actions have been reasonable, within his discretion. The situation he wrote about is utterly outrageous, an email that should never have been sent,[4] it should have taken less than a day for OTRS to get it together to disavow the mail, because, on the face of it, this email could expose the WMF to liability, in addition to damaging the relationship between the WMF and the community. I very much doubt that WMF legal was consulted. The matter is of high interest to some major Commons volunteers. --Abd (talk) 18:08, 9 February 2015 (UTC)
Reading further in the Village Pump, Ktr101 did retract the email and apologized.[5]. He said "these things are in the past." Not for some, apparently. --Abd (talk) 18:23, 9 February 2015 (UTC)

Dear Odder, four days have passed, unfortunately without any response to the questions asked. Let me briefly sum this up: You, a bureaucrat and oversighter, obtained, in some way, access to contents of a closed, non-public Wikimedia Wiki, hosting all sorts of confidential information about fellow Wikimedia users and uninvolved third parties; it was, after all, created for the very purpose of enabling OTRS agents to have confidential discussions, such as about how to deal with an individual's request to remove the names of their children from a Wikipedia article following threats against their family. Anyway -- you, and perhaps others as well, have found a way to access content on OTRS Wiki. You're not telling us whether someone is sharing their account with you, you hacked into someone's account, someone provides you and/or others with confidential information from the Wiki etc. You're also not telling us whether you yourself transmit confidential information from OTRS Wiki to third parties. In fact, the only thing you can come up with is that you're not violating a policy because you do not have a legitimate account on OTRS Wiki(?!). This is somewhat reminicient of one of the GCHQ's favorite defenses of mass surveillance which boils down to "it's ok because unfortunately, we can't tell you how we got the information in first place, but now that we have it, we're not bound by other countries' privacy and data protection laws, ha ha ha." You or someone else is putting the security of many people at risk, you know very well that you do that, and yet remain unwilling to support any investigation. I find that somewhat surprising as well, given that, normally, you're very demanding yourself when it comes to investigating potential leaks ([6], [7]). — Pajz (talk) 17:12, 12 February 2015 (UTC)

Dear @Pajz, thank you for your message. Contrary to your statement above, I have provided a concise but, hopefully, a satisfying answer to your questions. As I wrote in my response, I totally reject any accusations of me having violated any policies that are applicable to me. As an oversighter, I have very carefully studied both the privacy policy and the access to nonpublic information policy multiple times over the past three years, and it is my sincere belief that my having quoted @Ktr101's message on the OTRS wiki does not violate any of them (as they did not include any nonpublic information as defined by the privacy policy, as mentioned by Abd above). As for your likening of my actions to those of the GCHQ and your mention of the "think of the children" argument, these are good rhetorical tricks, but unfortunately, they will not work, so I'll just save both us time by not responding to them. odder (talk) 18:06, 12 February 2015 (UTC)
If only, dear Odder, this were a rhetorical trick -- everyone with experience in BLP issues discussed in OTRS knows it isn't. And, unfortunately, you haven't answered the questions -- you have answered another question, one I haven't even asked. The questions were how you got hold of the information in first place and whether you provided other individuals with confidential information that has, at some point, been obtained in breach of privacy and confidentiality rules of OTRS Wiki. — Pajz (talk) 18:17, 12 February 2015 (UTC)
@Pajz: Let me get this straight, then. What is known is that a person or persons unknown have leaked a part (or parts) of a discussion on the OTRS Wiki, and that I quoted a part of that discussion on Commons (here). What you are asking me, however, is whether I have ever provided anyone else with confidential information obtained in breach of privacy and confidentiality rules of OTRS Wiki. Could you explain to me how these two issues are connected, because my understanding of this situation is that you are just trying to accuse me of doing things you cannot prove in the hope that some of the dirt thrown at me will stick (pardon the brutal honesty). odder (talk) 18:55, 12 February 2015 (UTC)
I feel I repeat myself, but first of all, you are again carefully dodging the first question -- how you got hold of the information in first place. What you just said is a perfect example of evading it as you are referring to what is "known," while of course my question aimed at an unknown, namely how far your access to OTRS Wiki contents extends (also, "leaked a part (or parts)"? "Or parts"? Which parts? How large are these parts? When? How often? On some internet forum? To you via email? etc.). // Second, to answer your question, these two issues -- you quoting from confidential contents and me asking you if you have provided confidential contents to third parties -- can be readily connected through the fact that we have reason to believe that other users, including a globally banned user, have access to OTRS Wiki contents as well. Even aside from that, it is an obvious question really since you have already provided the public with contents from OTRS Wiki, so how can you be surprised at someone asking you if you have provided additional content to third parties? So, for both reasons, it's just a logical next step that I'm asking you if you have provided another non-privileged user with access and/or content from OTRS Wiki. I haven't claimed you do, I have asked if you do. I think, but that's just my personal opinion, you are spending way too much time finding reasons why you don't have to provide answers to said questions instead of just answering them. — Pajz (talk) 20:28, 12 February 2015 (UTC)
@Pajz: So basically, we have two facts in this situation. #1: A person or persons unknown have leaked a part or parts of a certain discussion from OTRS Wiki. #2: I have quoted a part of that discussion. Your conclusion is, evidently, that I might have somehow been involved in that leak, as otherwise you would not have asked me whether I have ever shared any confidential information available at OTRS wiki — and I note that our understanding of the word confidential might differ. That conclusion is, of course, not supported by any facts at all; it's just your assumptions, and I have no intent to admit to anything or to correct your assumptions in any way. Obviously, you don't have to actually claim anything; merely asking a question is enough of a move to vilify me and my actions (rather than focus on the real issue here, which is the OTRS community deciding matters directly influencing Commons without our knowledge). As for your last sentence: I think I am quite capable of deciding whether I spend too much time of anything, thank you very much. Have a good evening, odder (talk) 20:59, 12 February 2015 (UTC)
I do believe that, with all due respect, there seems to some misunderstanding on your part of the concept of a question. What you're trying to "prove" in your last message is essentially that my question refers to information that is unknown and that I can merely speculate on. I'm not quite sure why you do that, since I readily admit to it; the very reason I'm asking you is that I don't know. It's like I'm asking you "Is it raining outside?," and you respond "There's no reason to conclude it's raining outside, so I see no reason to tell you if it is." The point is, and I have explicitely told you above, that I do not want to draw premature conclusions. The only assertion I made is that you have been involved in publishing information that you have either been provided in breach of privacy and confidentiality policies or that you have obtained in breach of said policies. That is a fact. What I am asking you is to cooperate on identifying how privileged content makes its way into your hands. This may or may not help us, in addition, understand how privileged content makes its way into the hands of a globally banned user. What you're doing right now is, unfortunately, to react in the most uncooperative way imaginable, repeatedly dodging the two extremely simple questions that I posed to you. Given you do have oversight rights, and have, by way of that, access to confidential information as well, I would have assumed--apparently in error--that you show some particular understanding of safeguarding confidential data. — Pajz (talk) 01:24, 15 February 2015 (UTC)
@Pajz: With all due respect, I believe there is some misunderstanding on your part of the concept of fact. The only fact here is that I have quoted parts of a discussion from OTRS wiki here on Commons. I claim that a person or persons unknown have leaked a part or parts of that discussion — but this is not a fact, just a claim which you do not have to believe. You, on the other hand, claim that I have been involved in publishing information that I have either been provided in breach of privacy and confidentiality policies or that I have obtained in breach of said policies — but this is not a fact, either, especially because you do not have any information regarding the method in which I obtained that information. As for your last sentence, this is exactly what I meant when saying that you don't have to claim anything, just pretend to be asking questions: by mentioning my oversight rights in this context, you imply that I might not perform my oversight duties with necessary care. Such insinuations are deplorable, and I would be more than happy to have all of my oversight actions (all ~800 of them), mailing list correspondence, etc. investigated by my peers, Wikimedia stewards, the Ombudsman Commission or the Wikimedia Foundation to show that I take my responsibilities with grave seriousness and extreme care. odder (talk) 20:38, 15 February 2015 (UTC)
I am not authorized to answer for Odder, but I believe I understand the situation and will say what I'd say if I were him. There is no misunderstanding on Odder's part, though I think that politeness may have led him to answer less directly than he might have.
  • Material posted on OTRSwiki, or in a private OTRS IRC channel or email list, was revealed to a non-member.
  • Odder received this material, however, he received it, and referred to it in several posts here.
  • None of the material revealed was "private data" as defined by WMF privacy policy.
  • However, that a non-member had access to OTRS *conversations* is a security concern. Odder understands that, I'm sure.
  • You, as an OTRS member, acting on your own and without authorization from the OTRS community, nor from the WMF, are investigating the security concern. You want to know how the leak occurred. In so doing, you have confirmed that the material included "verbatim quotations," thus taking a rumor into confirmed fact. A professional investigator would never do this, but you are, like almost all of us, a volunteer.
  • That there was a leak was stated at the beginning of this, by Odder.
  • The normal meaning for "leak" is that someone with access reveals the information. This, then, is, by far, the most likely possibility here, though there are others. Odder, for example, in theory, might have hacked the OTRSwiki, which would be a violation not only of WMF policy, but of law as well. It would even be such a violation if a member gave him their password and he accessed it directly. I'm confident that Odder understands this, and would understand the risks if he did that. It is totally useless to even ask him about it. If he didn't do it, he will decline to answer (as he has) or would deny it, and if he did do it, he would decline to answer or deny it. You learn nothing.
  • So, taking the central road, an OTRS member revealed information which, by OTRS policy, is to be private among OTRS members. My guess is that, given 400 members, this happens all the time. I know clear examples from WMF history where checkusers have revealed information on the checkuser wiki that was supposed to be private -- or not even revealed there -- with consequences, taken out into the community. It happens that functionaries, and especially volunteers, violate policy. They gossip. Mostly, though, the community never finds out about it.
  • I conclude that Odder understands why you would ask, but has, himself, an obligation to keep information private. He is declining to answer your question. He considers it likely that you would use such information to attack or expose the leaker, thus he could be harming one who trusted him.
  • In so doing, he is making a judgment or assessment, that revealing what he knows would be more harmful than continuing to keep it private. He is doing what WMF staff are doing, refusing to answer questions because of possible harm from answering.
There are a number of organizations in symbiosis here, that normally serve each other. The WMF, Commons, all the wikis, OTRSwiki, etc. However, each organization is also distinct, and conflicts of interest may arise. In such, for continued system health, it is essential that each organization have its own process, its own "defenders," and that they seek communication, collaboration, and cooperation both within their own organization and with the other players. In such systems, disagreements will predictably arise over the respective roles and rights. It is essential to system health that independence be respected, just as it is essential to system health that the 3 Cs be sought.
The stated purpose of the WMF is to empower the community. Notice: "empower," not "control," or "direct," or "manage." The WMF has responsibilities as legal owner of the wikis. Technically, the responsibilities are to the state of incorporation (and secured by WMF assets). The WMF avoids most liability by the claim that it is the community that manages content, not the WMF. For example, if an OTRS user reveals private data, violating privacy policy, the WMF is not legally responsible unless it protects that user, refusing to turn over private data as to the user's identity, or has otherwise encouraged that revelation. For that reason, probably, the WMF discards the identifying data it receives as part of validating compliance with access rules, so that, if subpoenaed, they can truthfully say that they don't have the information. That, my opinion, is legally shaky, but I'm not a lawyer. To my knowledge, this has never been tested at law. I assume they would turn over checkuser information if subpoenaed timely (or would not discard it while contesting a subpoena). That, by the way, is probably why checkuser information is routinely dumped after a delay.
Pajz, do not expect Odder to answer your questions, and your continuing to ask is disruptive. It was a bad idea to ask in public in the first place, because, in so doing, you confirmed the information, thus, effectively, abusing your own access. Having abused your own access, you probably should resign, but that is up to you and the OTRS community, and you don't have to answer me. --Abd (talk) 13:57, 15 February 2015 (UTC)
Your defence of Odder is misguided, Abd. You seem to be focusing on technicalities; this is not an adversarial legal process in which one side attempts to convict Odder and the other tries to show that he didn't quite violate the letter of the law. The simple fact is that a banned editor—an editor notorious for their harassment of other editors (which is probably why he was banned)—came into possession of information from a private wiki, which as a matter of practice and policy should have remained private. That the information leaked was not of great sensitivity misses the point. There is a great deal of information on the wiki which is sensitive, so Pajz (as an OTRS admin, representing the OTRS community) is informally trying to find out whether banned users also have access to the sensitive information and how they came to know of the contents of a private wiki in the first place, so that future leaks (which might not be so judicious) can be prevented for the protection of all the clients whose information is discussed on that wiki and all the agents whose personal information is on there. Thus, Pajz is trying to find out how Odder came to be privy to this information and whether he was responsible for the leak or the information was simply leaked through him, or it came to his attention in another way altogether. Moreover, Odder is an oversighter, and thus (of oversighters deal with the same sort of thing on Commons as they do on enwiki) privy to all sorts of extremely sensitive material that should never have been posted on the wiki in the first place, so it's understandable that the community would be concerned that he has come into contact with information which he knows to be confidential and not only hasn't kept it confidential, but has refused to explain how he came into contact with it. The justification for this (and please correct me if I'm wrong) seems to be that a group of people seem to think that OTRS was plotting against the community by trying to determine a process for dealing with emails from banned editors (which is as absurd a conspiracy theory as the oversight team plotting against the community), a scenario we had never had before. That begs the question of what Odder et al would do if they thought some other part of the community which relies on confidentiality in order to fulfil their role was plotting against the Commons community. These are not academic questions and, unlike most things on Wikimedia projects, there actually are real-life issues at stake, so I for one find Odder's evasiveness extremely concerning and would very much appreciate it if he could give a straight answer to Pajz's questions, even if he does so to OTRS admins privately rather than to the community publicly. HJ Mitchell | Penny for your thoughts? 16:21, 15 February 2015 (UTC)
@HJ Mitchell: I have no knowledge regarding any ways in which banned editors might have come into possession of any information from any private wiki — none at all. This is actually the first time I have ever heard of it; I was not made aware at any point that this is the true issue here, and if my understanding of your message is correct, then I am eager to report that I cannot help you in any way for the simple fact that I have no information on the issue in question. I very much hope that this will put an end to the incessant badgering that I have been subject to over the past few days. Thanks, odder (talk) 19:56, 15 February 2015 (UTC)
(ec with above) Thanks, HJ, for attempting to help me understand, but you seem to want to have it both ways: on the one hand, this is not a trial of Odder, this is only an attempt to gain information about a leak and to be assured that there is no privacy policy violation, and, on the other hand, "the community would be concerned," i.e., Odder is on trial, a concern is being made public about him, with insistent and tendentious argument (and a filing on an admin noticeboard referring to this discussion).
You also impute motives that you invented, about "plotting." Of course, we do not know what information Odder has been given privately. My comments here have been about this public and insistent inquiry, which itself involved revealing (confirming) allegedly confidential information.
Odder received information about OTRS discussions, and revealed this fact. He revealed content that was not covered by privacy policy. He has not stated, AFAIK, that he did not receive covered information. However, even if he had, he is a known and trusted user, routinely allowed access to such private information, as an oversighter. If a leaker decided to reveal that to him, the leaker could reasonably expect him to follow policy. Odder used his discretion as to what he revealed, and he did not violate policy. But some think he did something reprehensible.
If the purpose were simply protection of OTRS wiki, and users of that wiki, the inquiry would sanely have been made privately. Rather, it was made publicly. Why?
I would think that this was done in an effort to force Odder to disclose, by exposing him to criticism over his "refusal to answer." In other words, this is not exactly a trial, but the threat of a trial (probably rights removal process) if he does not comply with demands that he violate his own possible agreement of confidentiality, with a leaker.
Of course, perhaps this request was merely unskillful. In that case, I'd have expected Pajz to quickly apologize and drop the topic here, and pursue the matter, if it were to be pursued, privately. Instead, we have a few users showing up to continue to insist.
This is what OTRS users need to know: what they write on the OTRS wiki cannot be fully protected. It is not covered by WMF privacy policy (except as it reveals certain kinds of private information). With 400 volunteer users, leaks can be expected. Going after those who repeat linked information is not going to work. If there were privacy policy violation in that information, pointing to it, as was done here, would not be a way to handle it. Any oversighter would know that, and most administrators know that.
The WMF has elected to entrust certain legally necessary functions to volunteers. That is OTRS. A consequence of this is that there are roughly 400 persons with access to privacy information who have nothing to lose except continued access. It is, then, predictable that OTRS wiki will not be secure against leaks, and attempts to make it fully secure can damage community trust in OTRS. OTRS volunteers, some of them, maybe even most of them, may feel more responsibility toward the community than to OTRS as such, since they come from the community. Others may feel more responsibility to the WMF, thinking of the WMF as the "boss," or what we serve. The community is not united on this sense of structural priority. "The community" is also not well-defined. There can be large gap between the stand of those who congregate around central process, and the full community. To see the difference, take a look at m:Requests for comment/Remove Founder flag. First look at [8]. This was an RfC to remove Founder rights from Jimbo Wales, based on actions he had taken on en.wikiversity, bypassing local community process. Wikiversity is small and the RfC may not have been widely noticed. On May 5, it was running 23:36:4, i.e., against removal. It is possible that Jimbo thought, "whew! dodged that bullet." He might have noticed that some long-term users were supporting removal, or not. But on May 7, Commons erupted over Jimbo again bypassing local process to delete many files, and removal votes poured in. The ultimate vote when it was finally closed was 405:125:9. Jimbo requested the intrusive tools be removed from the Founder toolset, i.e., the tools that allowed him to delete and block and assign/remove rights. Oversight was left because it was not technically possible to leave him with read-only oversight, but, as I recall, he committed to not using it to delete pages.
The RfC at first reflected those who pay close attention to meta RfCs and the like. Then it reflected the more general WMF community and Commons in particular.
I am not claiming here that Odder represents the "silent majority," but he does still seem to have majority support, and is being attacked by a vocal minority. It is a small discussion, but this is recent, a filing over what is being pursued here. There is the filer, highly involved, and one immediate agreement. Then four rejections of the position, and opinion that the filing is disruptive. I highly recommend that those pursuing Odder here drop the cudgel. The community is not supporting this. --Abd (talk) 20:15, 15 February 2015 (UTC)
Abd, I have no interest in witch-hunts or trials or cudgels. I find the politics all rather distasteful and would rather get on with something useful. I'm certainly not qualified to try Odder, who has put far more energy into Commons than I have of late. I would just like to get to the bottom of how the contents of a private wiki came to the knowledge of somebody not officially privy to them. I agree that it's unwise to do these things in public as a rule, but in public we are; there's little I can do about that now. Also, OTRS is part of the community, just like checkusers or oversighters are part of the community. OTRS supports Commons by (inter alia) verifying permissions tickets. We work in private because we don't people's personal information littered around a public wiki, not because it makes us feel important or because we want to work counter to the interests of the very community we represent and are a part of.

Odder, you state you have no knowledge of how the information came into the possession of a banned editor; I have no reason to disbelieve you. Would you mind explaining how you were able to quote from a discussion being held on a private wiki? Did somebody with access provide that information to you? Was it posted publicly elsewhere? Did you somehow gain access to the OTRS wiki? Most importantly, do you have information from that wiki beyond that discussion, and (to the best of your knowledge) does anybody else? I imagine the most likely scenario is that it was provided to you, but if there's a security flaw in the private wiki or its contents are public elsewhere on the Internet, the powers that be (the OTRS admins and the WMF) need to know so they can remedy it and we might need to advise clients that they should no longer have an expectation of privacy when writing to us. HJ Mitchell | Penny for your thoughts? 22:19, 15 February 2015 (UTC)

@HJ Mitchell: I have no information regarding any security flaws in the MediaWiki software that would allow unprivileged users to access the OTRS wiki or the OTRS interface; similarly, I have no information regarding contents of either being publicly available on the Internet. Moreover, I have no information regarding the scope of anyone's possession of content from the OTRS wiki except my own, and I think that broad assumptions out of the blue will be of little help to anyone. As for your other questions, I fear that my answering them could endanger the person or persons involved in my obtaining of that content, and therefore would prefer to keep that to myself. Thank you, odder (talk) 20:06, 16 February 2015 (UTC)
HJ, I highly recommend that if you have questions for Odder, you ask him in confidence, by email. If he chooses to answer, he may be more free with you, he will decide. This is public, sure, but you are continuing to ask here. You seem to propose that because this has been asked here, that you must also ask here. I do not understand that.
The way you ask here is not designed to encourage response, if your concern is purely the future protection of OTRS data, particularly the sensitive data. Instead of focusing on that, you are asking for Odder to disclose his source, or so it could appear. You are asking Odder to violate confidence, probably. My suggestion: if you are concerned about ongoing damage, formulate questions for Odder that are specific, and that he could easily answer without violating any confidence. And don't ask them here, ask them by email. Go first for what is most important to you.
There are two specific areas of concern: one is the private information that is protected by privacy policy, which is available on OTRSwiki. The most extreme case would be private information, covered by privacy policy, possibly harmful to users who entrusted OTRS with it, that would be out there on the web somewhere. If that is your major concern, ask specifically about that, and you need not ask him how he got the information, you would ask him if there is that dangerous condition, trusting that he will not mislead you. Above, Odder makes a statement about a banned user, and that's because you thought that Odder might know if or how the banned user got private information. Odder said he didn't know. But the banned user question was not what was asked first, here, nor is it what you continue to ask. The "banned user" claim, given that there is no evidence of a banned user obtaining the truly sensitive information, is, I'd suggest, raised because it sounds really bad.
The other area of concern is user conversations or discussions, which might be on that wiki or on a mailing list or IRC channel. Suppose OTRS users are talking about Russavia, to be specific. Suppose someone thinks Russavia should know what claims are being made about him. It simply will not be surprising if someone with access tells Russavia. This is a natural consequence of an abrupt ban, without explanation, of a popular user. To be blunt, one may not be able to talk shit about him and have it remain private. If there is a mailing list archive, Russavia could, legally, subpoena it. It is not legally protected data. The ArbComm mailing list was hacked, and, for a time, the leaker put up posts on topics as requested by Wikipedia Review users. Last I looked, that is all still there. It's legal. The WMF will not protect that data. It *will* protect the privacy policy protected data, I'd expect. It would take powerful and effective legal action.
I am not expressing a political position here. This is not a support for Russavia, nor an encouragement for anyone to reveal OTRS data of either kind. It is real social politics, what can be predicted to happen. Whistleblowers often get fired, if they are caught. It's dangerous. On the other hand, this is a wiki, where the worst sanction, the banhammer, causes no pain at all, it is merely disconcerting to someone habituated to heavy editing. One of the just-globally-banned users, freed a bit from his Wikipedia obsession, is now in the Philippines having the time of his life with a beautiful young woman. An actual human being! Such exist, you know! The poor fellow! Just think, he could be writing about stuff he knows about on Wikipedia, providing reliable source for it, etc.! When I was banned on Wikipedia, it's not like the universe disappeared, it was the opposite. Life appeared. Real life, with real people. I have my first scientific paper coming out this month, in a peer-reviewed journal, I'm told by working scientists -- the best on the planet -- it's an important paper, and that study and work and connection with a real scientific community, all developed after I was banned on the same topic on Wikipedia.
w:WP:IAR is still policy on Wikipedia. There is a larger IAR, it's about life and people. Many Wikipedians and other WMF users still don't understand it, so they are shocked when a user chooses responsibility to people and community over "rules." --Abd (talk) 02:17, 16 February 2015 (UTC)
With respect, Abd, your responses are very lengthy but shed absolutely no light on the matter at hand. I'm not here for a debate about privacy or OTRS or Russavia (whom I wish would disappear, never to be heard from on WMF projects again, but apparently he gets his jollies from juvenile trolling). I asked a very very simple questions: Would you [Odder] mind explaining how you were able to quote from a discussion being held on a private wiki? Did somebody with access provide that information to you? Was it posted publicly elsewhere? Did you somehow gain access to the OTRS wiki? Most importantly, do you have information from that wiki beyond that discussion, and (to the best of your knowledge) does anybody else? A simple yes or no to each of the sub-questions would suffice. The rest is an ethical issue, and I won't say it fills me with confidence in Odder's judgement, but it is ultimately precisely that—his judgement. Odder is welcome to email me (Special:EmailUser/HJ Mitchell or hjmitchell at ymail dot com) or to email the OTRS admins instead. I can't force him to answer the questions—he would be within his rights to tell me to fuck off; I have no comeback that means anything in the real world—but your lengthy tangents are not helping the signal-to-noise ratio. HJ Mitchell | Penny for your thoughts? 15:53, 16 February 2015 (UTC)
  • I'm not seeing the slightest sign of respect, HJ, but the opposite.
  • Repeatedly asking the same question here, and buried in a long discussion, is definitely increasing noise with no benefit. I suggested you ask by email, you are apparently refusing.
  • If you are not here about Russavia, why, then, did you explicitly insult him? Classic way to encourage trolling: insult the alleged troll.
  • One man's noise is another man's signal. In the end, it's all signal, but some of us have stuffed our ears with cotton. Nobody is obligated to read what I write, except maybe Odder, whose consent to what I write here is intrinsic. Not that he'd need it, he has my permission to remove anything here; still, I'm responsible for this, not him.
  • I could answer several of your questions, but I won't. Unless someone rattles my cage some more, as has been done several times here, i.e., speak of the devil, or new issues are raised, I hope I'm done with this issue. --Abd (talk) 18:12, 16 February 2015 (UTC)
I think that, Abd, while I generally appreciate your attempts at clarifying Odder's position, and while I do take note that your Commons activity of the last month could lead an unitiated person to believe you strive for a job as his personal secretary, that this is a matter which is sufficiently serious it needs to be discussed with Odder in person. Your long post above is self-contradictory, as you may have noticed yourself, and I have repeatedly pointed out, even to you directly, that this is not necessarily about the information which has been released, but the fact that he has access to it in first place. However, this is not something I feel the need to elaborate on further; the purpose of my posts here is to get answers from a person in possession of an unknown amounts of privileged information who currently refuses to even provide information regarding the extent of his access to OTRS Wiki (or OTRS) material, not to win a rhetorical battle with you, in which I take no interest. — Pajz (talk) 15:43, 15 February 2015 (UTC)
No, I have not noticed self-contradictory content. You are repeating yourself. What you wanted to do here, it would have been essential, would be done privately, not publically. Hence my own conclusion: you are grandstanding, badgering, tendentiously insisting, demonstrating major lack of skill at investigation (likely alienating the person from whom you want information), and showing lack of understanding of policy. It is possible that you could, approaching this properly, have gained some information that would reassure you and the OTRS community, but by handling this publicly, you made that unlikely.
As to that the naive impression of an "unitiated [sic] person", I am following Meatball:DefendEachOther, as I have for years. The lack of such defense is a major factor in long-term loss of editors at all levels of responsibility. --Abd (talk) 16:15, 15 February 2015 (UTC)

Full unprotection of User talk:Russavia[edit]

[9] may be a bridge too far. Deletion nominations for Russavia files by IP should probably not be allowed, because of the volatile situation. Russavia, if he wants to nominate, has the ability (through other wikis) to request assistance of a local editor by IP, though that may be considered block/ban evasion. He has the ability to contact editors for assistance by email as well, because he has email addresses he can use. (And in spite of some extreme opinions, this would violate no policy.) I recommend restoring semiprotection. Thanks. --Abd (talk) 03:22, 10 February 2015 (UTC)

I disagree. Even if IPs cannot give notification for DR, DR process won't be stopped (and no reason to disallow IP filing a DR) and it will just prevent DRs from people's attention. — Revi 14:48, 10 February 2015 (UTC)
Otherwise we need to protect all uploads by him to prevent the IPs to make any DRs. :) Jee 15:04, 10 February 2015 (UTC)

AN/U discussion that you have been involved in[edit]

Hey Odder, you've probably seen it already, but I just wanted to let you know of a discussion on this page that you have been involved in. Best. Kevin Rutherford (talk) 17:55, 12 February 2015 (UTC)

@ Kevin Rutherford: I categorically deny being involved in that discussion; in fact, @Nick's passing mention of it on the #wikimedia-commons IRC channel is the first I've heard of it. But thanks for following the procedure, I will keep an eye on the discussion. Incidentally, now that we're in direct contact, are you planning to answer any of the questions that I posted on your talk page 9 days ago? Thanks, odder (talk) 18:10, 12 February 2015 (UTC)

RfCU[edit]

FYI: User talk:MichaelMaggs#RfCU. I guess it's hard for you to first inform people before reverting? Trijnsteltalk 18:41, 14 February 2015 (UTC)

@Trijnstel: No, I guess it's hard for you to discuss issues that you do not have all the information on. Your tone is not appreciated, so stay away. odder (talk) 18:43, 14 February 2015 (UTC)
Then tell me what information I miss. I see that MichaelMaggs closed it before the official closure date, that Mentifisto already granted the rights and and I see that you reverted MichaelMaggs before informing him. I guess that's pretty complete, but apparantly I'm wrong. BTW - and I agree. Trijnsteltalk 18:47, 14 February 2015 (UTC)
Make a guess. odder (talk) 18:48, 14 February 2015 (UTC)
I have no idea, otherwise I wouldn't ask. What do I miss? Trijnsteltalk 18:51, 14 February 2015 (UTC)
This has all been sorted out over IRC in the meantime, I'm sure @Trijnstel can confirm.  :-) odder (talk) 19:32, 14 February 2015 (UTC)
Yup, it was clearly a misunderstanding from both sides. Trijnsteltalk 19:44, 14 February 2015 (UTC)
  • This is quite simple. I've seen this kind of issue many times. The request, apparently standard, provides for a specific voting period, quoting the policy:
"For a request to succeed a minimum of 25 support votes and an 80% positive vote are required (subject to the normal bureaucrat discretion). Requests for checkuser run for two weeks."
The closure date given in the request is incorrect, my view. Instead of "no earlier than 14 February," it should be "no earlier than 15 February." A close early 15 Feb could still be less than two weeks elapsed. I would always add 14 days to the date of the request. It looks like the error was INeverCry's. Perhaps he drafted the request slightly earlier than when it was filed, hence he was figuring from January 31, not February 1. I don't know Commons standard procedure on this.
  • A snow closure (or "unlikely to be reversed") is inappropriate in that context. There are reasons for providing a minimum period. What if someone comes up, last minute, with a killer question? Notice: "subject to bureaucrat discretion." If a 'crat sees, for example, a turn that has a basis in a genuine community concern, the 'crat could delay closure. The two-week period is a minimum, not an absolute requirement, i.e., it can take longer, just not shorter. Closing a rights discussion like this is normally not an emergency. On the contrary, a premature close can create long-term disruption.
  • Odder, when you revert a close like that, I strongly suggest you convert the closing comment to a proposed close, do not simply revert it. You would also ping the closer in your comment introducing that proposed close, thus satisfying the "discussion" issue. You would have, here, added a note that you undid the close because it was premature, and that your reversal was not a stand on the issue of rights, only a matter of process. (So you could later close to clean up, though any crat could do that, including MichealMaggs, as long as they hadn't voted.)
  • Nevertheless, aside from the blanked comment, the reversion I see as procedurally correct, a premature close should be immediately reversed, if possible, it should not wait for discussion. (Anyone could do that, I've done it before, or certainly things like it.) The reason is that it does no harm, while premature close may cause harm. Obviously, it can then be discussed. What should be discussed first would be a close before the established and announced close date. Or a proposed delay, proposed by a 'crat, which should by default, delay close until agreement is found, if possible.
  • Because the rights have already been granted, and because the final and proper close is likely to confirm this, I'd assume that the user might be asked by a 'crat not to use the rights until the close is confirmed. So there is a pause for a day, and if no problem appears in the request, it is closed again with success. That is minimally disruptive and takes little effort. The deviation from policy, then, is slight. The user, presumably already approved for checkuser access, has the rights for a little longer, no problem.
  • I comment now because I'm concerned that a story is being woven, by some, that Odder takes rash actions without consultation. This is not an example of that. His action was proper, if not perfectly done. The idea that he should have consulted first is simply incorrect. --Abd (talk) 20:50, 14 February 2015 (UTC)
"Odder takes rash actions without consultation"
That much is beyond question, this now being merely the fourth recent one. A better question might be whether he takes any that aren't rash or first seeks consultation? Andy Dingley (talk) 23:19, 14 February 2015 (UTC)
This wasn't rash, so not the fourth. He saw an error, he corrected it. That is standard on wikis. However, the above shows what I'm talking about, a user consistently attacking Odder. I suggest another hobby. I'll warn him. --Abd (talk) 23:43, 14 February 2015 (UTC)
Warned.[10]. --Abd (talk) 00:53, 15 February 2015 (UTC)

Hi[edit]

Hello. You forgot to remove the top admin icon on some of the former admins user page. I helped remove them. 1989 00:35, 15 February 2015 (UTC)

Thanks, @1989. odder (talk) 04:17, 15 February 2015 (UTC)

DeAdm question[edit]

Hello!

Thanks for the deadminship notification. Could you please help me to see what was the reason, since I happened to sign the page requested and as far as I know I had the required number of admin tasks done? I see at least 10 moves in the log but I don't find the admin-action-counter right now. It's a pity since the bit usually comes really handy when I get help requests from local community or being asked to investigate who deleted what and why. Obviosuly these won't show up in the stats. :-/ TIA, --grin 18:40, 15 February 2015 (UTC)

Oh, I read that all admins were notified on talk and in email. But there wasn't any notification, please see my talk page. Could we start again? :-) Help appreciated. --grin 18:44, 15 February 2015 (UTC)

grin, your warning was posted on your talk page in accordance with the de-admin policy on 13 August last year. You can see it here. --MichaelMaggs (talk) 19:34, 15 February 2015 (UTC)
Hi @grin! According to our de-adminship policy, you were supposed to both add your signature to the last inactivity run page and perform at least 5 admin actions in the following six months (which you failed to do). In line with point 3 of the policy, your admin rights were therefore removed without any further notice at the start of the current inactivity run. Hope this helps, odder (talk) 19:39, 15 February 2015 (UTC)
  • There does appear to be an error here. The notice was placed on User talk:Grin 20:07, 13 August 2014. Grin responded immediately, with his signature, and then his actions, see the log. I count 18 logged actions that required admin tools. These involved five files, and these actions were completed by 22:04, 13 August 2014, i.e., within two hours of the notice.
  • I'm suspecting that someone used a search that missed those immediate actions, perhaps six months back from February 14? I do see only three edits requiring admin tools after that. --Abd (talk) 20:47, 15 February 2015 (UTC)
Thanks, Abd, that is what I have meant. --grin 08:56, 16 February 2015 (UTC)
@grin, @Abd: That's my fault. When I started the current admin inactivity run, I did a search with the admin activity tool for the past six months, ie. starting on 14 August 2014. As you can see, the tool only lists 2 actions for @grin (16 if you extend it to 13 August), and that's why I requested that his admin privileges be revoked on Meta. My apologies, I should have double-checked whether no admin actions were performed on 13 August (and now I think of it, we really do need some sort of manual to prevent similar mistakes from happening in the future). Now I'm unsure how to proceed further, because this is such a borderline case. Personally I would opt for restoring @grin's admin rights given that they want to remain active (and indeed performed the necessary number of admin actions) rather than stiffly stick to the rules requiring 5 admin actions in six months. @MichaelMaggs, @Dschwen, @User:99of9 and rest: comments welcome :-) odder (talk) 10:56, 16 February 2015 (UTC)
It was an easy mistake to make, but it seem to me that grin has indeed complied with the letter of the rules, in that the start of the 6 month period should have been 13 August rather than 14 August. So I would restore the bit. --MichaelMaggs (talk) 12:21, 16 February 2015 (UTC)
I agree with Michael. The stiff rules count the 6 months forwards from the notice, not backwards from some later date. Removal was simply an error. On a phone right now, so cannot implement, but I see sufficient consensus. --99of9 (talk) 13:01, 16 February 2015 (UTC)
Thanks, all. It is ironic that because Grin rushed to comply immediately, his compliance was missed. Odder, basic wiki rule: whatever you do, you may undo. At meta, when someone complains that stewards have not exercised due care in removing rights, the answer is always, "If it's an error, any 'crat can fix it." They don't investigate the details, usually. So the rule that 'crats don't assign the bit without consultation (which has always had exceptions on most wikis) is trumped in this case because you would simply be correcting your own error.
The notice provided is not totally clear:
"make at least five further admin actions in the following six months.
"Admin action" is not defined in the notice. That appears to have confused another admin, who worked on certain things that he thought of as administrative without creating a specific logged action requiring admin tools. The policy has the same.
If the admin responds to the notice as required but then fails to make five admin actions within the following six months, the rights will be removed without further notice.
However, above that, "admin action" is defined:
An "admin action" for this purpose is an action requiring use of the admin tools and which is logged as such in logs and histories. This tool can be used to check.
The problem is that the first part of the definition and the tool are in conflict. There is an action which requires admin tools, and which is logged, and that is a move without creating a redirect. The tool does not show these. For the future, either such actions should be included or the policy should be clarified. This is why I found 18 actions, but the tool found only 16.
The second problem is the "following six months." That must mean "within six months after the time of the notice." So the date to enter in the tool is the date of the notice, not the next day. The tool should then show all the actions. It might show extra actions, performed the same day but before the notice. I would interpret the last day of the period liberally, if that ever comes up. An automated tool would go to the same day and time as the notice, but six months later, or it might go to the next day.
It might be appropriate to give admins an extra warning. As well, they could be informed that the time may be extended per the policy about notice of absence. This would toll the clock until two months after their stated return date.
There is conflict about this on wikis because there is difference of opinion about handling inactivity, in part a philosophical difference about using threat of removal as an incentive to create actions. --Abd (talk) 13:14, 16 February 2015 (UTC)

I have now restored @grin's admin access based on the opinions voiced by @Michael and @99of9. My apologies for causing the trouble, and thanks all for your comments. As far as changes and clarifications in the policy are considered, that discussion should be taking place at the Village Pump so as to welcome more involvement from a wider portion of the community (even though I basically agree with @Abd's suggestions for possible refinements). Thanks, odder (talk) 16:18, 16 February 2015 (UTC)

I'm a little late to the party, but I endorse this decision :-) --Dschwen (talk) 16:43, 16 February 2015 (UTC)

First, thanks Odder for the readminship, it's good to see that mistakes are what they are and can be fixed just as easily. As for me I agree with @Abd's summary as well, and here's a few comments about my background story. I'm a backup-admin for Hungary which means that I usually only intervene when there's a need for a HU admin (usually due to a request to the huwp community) and there is no other active admins around, so I happen to carry flags on several projects. I often do maintenance work (like fixing things which require admbits) or investigative ones (like, most often on commons, to see what was deleted, when and why, and often fixing deletions based on misunderstanding or lack of language compatibility). Because of this method I usually don't have much logged admin actions and every time I get a message to be deadmin'd I am forced to go find some admin stuff to be logged and do it, just to make the logs happy (since, as far as I see, this doesn't make neither me nor anyone else happy). Generally I see automatic deadminship pointless, my opinion always has been that the flags do not ask for food or drinks and don't consume resources so there is little point to remove them; and generally I believe even if someone plans to remove bits from people it should be based on inaccessibility or unwillingness rather than some technical measurements about "actions". I am generally available on projects I haven't been active in the last 2 years and when I get a request to go there and ban someone I can do it on short notice; it's good for everyone since I understand the context and I have the time while the stewards would have none of these.

I agree that this is not the proper place for discussion and I honestly don't have much desire to debate this since most of the "reasoning" I've seen was completely emotional and I cannot debate with that. I am very thankful for the automated reminder to waste my time on a given number of visible actions, if that's what community wants from me in exchange of making it possible to do what the community requires. :-)

Thanks again for all of your replies and consideration. --grin 22:33, 24 February 2015 (UTC)

Template talk:Boxboxtop[edit]

Hi! I see you are the last editor of {{Boxboxtop}}. I requested an edit for that page about 10 days ago. It is a simple and minor edit to add Italian translation to the template. Can you help me please? Thanks in advance. --FRacco (talk) 14:15, 1 March 2015 (UTC)

@FRacco: I'll have a look at this in the evening; I seem to have forgotten about your request. odder (talk) 04:52, 9 March 2015 (UTC)
@FRacco: @Rillke was kind enough to fulfill your request. Thanks for providing the translation! odder (talk) 22:33, 9 March 2015 (UTC)
Perfect, thank you! --FRacco (talk) 15:34, 10 March 2015 (UTC)

OTRS application[edit]

Two weeks ago, I re-applied for OTRS access. Tonight, I received a (seemingly) boilerplate message, telling me that my offer was declined; among other things, it said: Considering the nature of the work, it requires that the OTRS admins be familiar with you and your work on Wikimedia projects before accepting you as a volunteer and We think there are currently better candidates for this task.

I have no intention to comment on that, I'm just leaving this here for the information of those friendly talk page stalkers who might be interested in learning more about how OTRS actually works. odder (talk) 05:03, 9 March 2015 (UTC)

[11]. It's obvious. You are not being told the reason. So new? Secrecy breeds secrecy, justifies itself, and grows as long as it is tolerated. There can be good reasons for privacy. However, this then becomes an excuse for all kinds of corruption to flourish. There are watchers, people who can see the discussions. And if any of them reveal it, no matter what the cause, they are then expelled, if they can be identified -- or even suspected. So, as to the watchers who remain silent, do we trust them? Do they act to ensure that private discussions stay within bounds? Are OTRS members who violate policy and common decency sanctioned?
The Ombudsman commission, which might theoretically review this, is not selected by the Community, so it does not represent the community, it represents the WMF. Does the WMF represent the community? Arguments could be made either way; but it has become very clear: as is common with nonprofit organizations formed by communities, the organization, once it has staff and money, once it has weight, runs away from the community. There is nothing unusual about the WMF doing this, it's predictable unless structure is in place to prevent it.
OTRS is not a community function, it is a WMF function, with its own structure. --Abd (talk) 17:17, 9 March 2015 (UTC)
The 'boilerplate' pretty much says it... "the OTRS admins be familiar with you and your work"... iow, it's not about knowledge or demonstrated good faith, but about if they know you and like you. Revent (talk) 19:42, 9 March 2015 (UTC)
FYI, the whole text of the e-mail I received is now at Pastebin.com. odder (talk) 19:44, 9 March 2015 (UTC)
I note the letter contains "Being an OTRS volunteer requires .... extraordinary discretion." Your publishing of the letter clearly demonstrates that is not among your top priorities, in continuation of your public referencing to things written on the OTRS wiki. Probably one of the least surprising declines in recent history IMO. -- Slaunger (talk) 20:59, 9 March 2015 (UTC)
I'll say that I consider Odder blessed that he doesn't have to deal, on OTRS, with the kind of thinking in the comment above, where "discretion" means hiding the truth, when revelation of the truth would cause no harm to any individual, just expose a situation to wider consideration. Publishing that e-mail was not a "reference to things written on the OTRS wiki," and violated no confidence, and what constantly amazes me is the low quality of understanding of so many of our volunteers. I suppose one gets what one pays for. Indeed, perhaps what is amazing is how many conscientious, thoughtful, knowledgeable, and basically decent people one finds on the wikis. --Abd (talk) 22:52, 9 March 2015 (UTC)
@Slaunger: I, on the other hand, consider this a really bad--but in no way surprising--decision. OTRS admins could have easily checked any of the 800+ OTRS tickets I processed during my over 5 years of being an OTRS agent to see whether I have the necessary experience to deal with the usual OTRS correspondence; two of them are also my fellow oversighters, and should have been capable of assessing my actions in that capacity to verify whether I demonstrate the required level of discretion needed for OTRS purposes (and if that assessment came out negative, not having OTRS access should be the least of the community's worries here). I also believe I have quite a good record dealing with copyright mattes here on Commons, having dealt with thousands of copyright issues in my role as an admin of almost 10 years. It is therefore quite clear to me that the refusal to re-open an OTRS account for me is political, and related to the disagreements around the role and functioning of OTRS that have, among other places, been demonstrated above, and has nothing to do with my capability to answer copyright-related queries and ensuring Commons' best interests. I know that @Fae and @Nick have spoken about OTRS in the past, so let's ping them to see what they think. (Also @RD, @Pajz, @Raymond and @Tiptoety who are all OTRS admins and active on Commons if they want to tell their side of this sad story.) odder (talk) 22:01, 9 March 2015 (UTC)
A majority of your post refer to your capabilities in handling copyright issues. I am not questioning you competences when it comes to handling copyright issues at all. You are undoubtedly very good at that. I am solely referring to the requirement regarding extraordinary discretion in relation to your recent referrings to what has been written on the OTRS wiki, and your evading answers to questions about that. -- Slaunger (talk) 22:17, 9 March 2015 (UTC)
I agree with Slaunger, it's not a surprising decline and I'm fairly evenly split between supporting the OTRS administrators on this matter and being completely outraged at their behaviour. Their task was somewhat unenviable.
The release of data from OTRS wiki is clearly going to be a red flag if you're again going to have access on the OTRS system and the OTRS wiki, it puts you and the OTRS team into a difficult position if further leaks of data were to occur (in that respect, it's probably for the best you were turned down).
We also want to portray a professional approach, and it would clearly be a bit of an unusual decision for the OTRS project to grant access to someone who had been leaking logs and undermining the project (rightly or wrongly).
That said, the refusal of the OTRS team to allow trusted parties access to that data so they may establish whether or not OTRS agents are engaged in sub-optimal behaviour, as was discovered through the leaking of data, is equally problematic. There would be no way of knowing about any of the secret discussions people thought they could make in complete privacy if it wasn't for those users on the OTRS system who were forwarding on data to you and others. There needs to be some significant governance changes on the OTRS system, and behaviour adjustments by some agents that I can think of, and there needs to be some urgent re-engagement between OTRS and Commons, because their refusal to allow a bureaucrat and oversighter access to the system looks just as bad as a bureaucrat and oversighter publicly posting leaked data.
TL;DR - there has been some pretty silly, unfortunate, and adversarial behaviour from both sides. There desperately needs to be a coming together and rapprochement between these two projects. Nick (talk) 00:41, 10 March 2015 (UTC)
I share the opinion of Nick. What more concerning me is your early reply to an OTRS admin: "Please note that as I do not have an account on the OTRS wiki, I am not bound by any policies that are in effect there." You were an OTRS volunteer earlier and not now. Suppose you become an volunteer now and later resign. What will be the safety of the non public data you will access as part of your volunteership as you will "no longer bound by any policies that are in effect there" after your resignation? If their is some loopholes in the existing policies, it needs to be fixed urgently.
When I see your request at Meta, it makes me smile as I don't feel it as a serious request. All I see is just an attempt to make fun at them? :)
Finally, I agree with Nick again; there must be some serous attempt to reduce the friction between the two teams. Jee 03:36, 10 March 2015 (UTC)
@Jkadavoor: The safety of any public data (not that I have ever shared any, which everyone seems to imply even though the discussion I leaked did not contain any non-public data at all) will be guaranteed by the same thing that guarantees that you don't share it: having entered into a legally binding contract (which I already have done as an oversighter here on Commons). Surely you cannot claim that I am bound by any OTRS secrecy policy with regards to discussions that have happened there since I resigned my access last year. odder (talk) 05:31, 10 March 2015 (UTC)
Odder; I didn't say you revealed any non public info. I didn't even doubt you as you are holding very trusted privileges than mere OTRS volunteers like me. My experience with you on oversight requests are very gentle and confidential. But I'm not happy with your attempt to merely relying on policies and allowing to publish private contents publicly. It is more of an ethical matter than legal. I agree POVs of different people are different; I'm talking based on my POV.
OTRS admins may also not happy with it. And, as far as I know, it is a private project much different from other WM projects like Commons or Wikipedia. So they can make their own decisions. Jee 06:08, 10 March 2015 (UTC)
This is getting into VP-ish territory, but I can definitely see Nick's point, in that the refusal is not surprising (as you basically gave them the perfect excuse), the problem as I see it is basically that the OTRS is setup as 'inherently' a clique, with no oversight or community input, so it basically comes down to what I said... do the OTRS admins like you, not an actual evaluation of trustworthiness. I think Odder is 'technically' correct, in that he is in no way obligated at this point in time to protect the 'privacy' of what was merely a discussion on the OTRS wiki that didn't involve a actual 'privacy' concern, but seemingly just a desire to have a 'private' discussion. He was apparently given the info by someone with access, deliberately intending to act as a whistleblower, and Odder posted nothing that actually violated the ethics I would expect of a CU, OS, or an OTRS agent.... he just broke the fallacy that the 'OTRS cabal' could have a private discussion on their personal wiki about a 'meta-issue' that should really have been discussed in public anyway. I find it disturbing that the WMF, and the OTRS community, seem to feel that theit obligation is to the WMF as a 'corporate entity', and not to the community of contributors to the various projects, and I personally think Odder did the right thing in 'exposing' that. It's an issue that is completely unrelated, however, to the actual 'intended function' of OTRS. I have never seen any indication that Odder is even slightly inclined to violate a person's personal privacy, which is what should be at issue. Revent (talk) 04:22, 10 March 2015 (UTC)
Are there any other plausible reasons than making this "VP-ish territory" for starting this thread? I'd like to note that as OTRS is just fundamentally different from that anyone can edit projects like Commons (in that it's a system that requires a defined team, otherwise there is no secrecy of correspondence), it's very much in its nature that if you can't get along with its administrators (discuss without insulting, …), you shouldn't be part of it. No conspiracies, no "WMF instead of Commons", just basic requirements of an eMail response team.    FDMS  4    04:43, 10 March 2015 (UTC)
@FDMS4: As an OTRS agent yourself, you should be aware that daily work on OTRS hardly ever requires you to contact OTRS admins (I think I only needed any help a handful of times in my 5 years of being on OTRS), so not getting along with its administrators -- rather than proper knowledge and experience -- is a pretty poor argument to refuse someone's application (in my opinion). Also, I don't see any reason to mention the WMF at this point; they're, as far as I am aware, completely unrelated to this situation. odder (talk) 05:25, 10 March 2015 (UTC)

Could use your expertise[edit]

Please see Commons:Village_pump#President_Obama_Delivers_Remarks_on_the_50th_Anniversary_of_the_Selma_Marches.

Could use your expertise after seeing you uploaded some files larger than 100 MB somehow, example at File:2015-01-03 President Obama's Weekly Address.webm.

Thank you,

-- Cirt (talk) 04:30, 10 March 2015 (UTC)

@Cirt: Responded there. odder (talk) 05:18, 10 March 2015 (UTC)

Autopatrolled[edit]

Hi, I am "bothering" you because you changed my AP flag some time ago. I am and I was making some analysis of croos-wiki contributions and there are other users, mainly it-N. They usually have robust or long-term flags on other wikis, and enough edits here to evaluate their behaviours and to me it was a pity I wasn't sharing this information after a while, but I have noticed that I can't find a flag proposal page here... if you want I can write you here some of them.

I had the feeling that here on commons active it-N users have in proportion less autopatrolled flags than other language communities... i don't know the reason. Maybe there aren't a lot of users it-N with advanced flag that know them already, or maybe it is some copyright issue which are more frequent (I've moticed some discussion on itwiki where the commons threshold on some areas is considered too rigid.--Alexmar983 (talk) 12:20, 20 March 2015 (UTC)

@Alexmar983: I can't tell why Italian users would be proportionally underrepresented in the autopatrolled user group; I agree that them being relatively unknown to the largely English-speaking Commons community (and administrators) might be one of the reasons, but I can't make any guesses further than that. There is one way to fix this, though, and that is to get a list of long-term, experienced Italian Commons contributors, and just add them to that user group en masse, either in one go or over a period of time. If you know any such users, do feel free to mention them here; thanks! odder (talk) 19:35, 20 March 2015 (UTC)
with pleasure. I feel more confortable to give them to a non it-N profile, that sounds more "nuetral". If and when you are free, here is a list of good users with more than 1000-1500 edits: AlessioMela (sysop and usually a very formal/techical guy), Horcrux92 (like AlessioMela), Ranzag (another long-term sysop). Let's see if they are ok.--Alexmar983 (talk) 10:24, 21 March 2015 (UTC)
@Alexmar983: I added @AlessioMela and @Horcrux92 to the autopatrolled user group, but I feel quite uncomfortable about doing the same for @RanZag due to the significant number of copyright-related deletion warnings visible on their talk page and the fact that they are not very active on Commons anymore. I think that a little bit more activity on Commons might be required for RanZag to show that they have enough knowledge about Commons policies not to require their edits to be patrolled by other people. odder (talk) 13:34, 21 March 2015 (UTC)
ok, that's the feedback I needed. there is some basic misunderstanding on copyright with it-N users, but it is due to the superimposed and complicated laws in Italy, and sometimes we just can't provide the right information at right place, although we know from our practical experience that the situation is not as critical as it may look like. there is some attempt at the next wikimania in Italy to discuss the topic. In addiction, copyright-related pages on itwiki are difficult to be updated, and the transfer of file from local to global archive has been proved unefficient. It is really all in good faith, local it-N users are quite stressed about that, especially old ones... new ones try to upload very few files, in my experience. that's why is maybe easier to give the AP flag to more recent users, we just try to limit our activity. Almost noone of the recently elected it-N local sysop showed a great experience in image copyright. I've tried to select some name... that's why I was interest in the AP here on commons, if I can understand which users are really good on this platform, that's a good feature to consider if we support them as a sysop candidate on itwiki.
In any case, I will ask around to other active it-N users just to have a better idea, or additional feedbacks, it is just that i wanted to "break the circle" and see the problem form a different perspective, so thanks for your patience. I revise the activity of many users when I make statistics, or evaluate profile for additional flags on meta, so in 3-4 months I will have another "group" of candidate, not just it-N, and I will let you know, of course. I don't believe in massive insertion of flags, but after all it costs me nothing to find them.--Alexmar983 (talk) 14:27, 21 March 2015 (UTC)

Formal complaint re: Philippe Beaudette[edit]

This is just to let everyone know that I have just raised a formal complaint regarding the behaviour of Philippe Beaudette in relation to an oversight issue that occurred here on Commons with the head of the Community Engagement department at the Wikimedia Foundation, @Luis Villa. Sadly, I cannot discuss the issue in any more detail that I revealed on Philippe's talk page, but I am hopeful that it will be resolved promptly. odder (talk) 21:47, 25 March 2015 (UTC)

Community Engagement, Community Advocacy, Legal Counsel, LCA, CA... too many complicated/confusing terms. Could somebody summarize what all these means and where we contact for a particular purpose, please. Otherwise all these are useless for a layman like me and will prefer to contact Rory (WMF) as a single window for all cases. Jee 03:06, 26 March 2015 (UTC)