Hosta

The following discussion is an archived record of a request for comment. Please do not modify it. No further edits should be made to this discussion. A summary of the conclusions reached follows.

Should WP:BLOCKEVIDENCE be updated to explicitly allow administrators to consider off-wiki evidence when making blocks for on-wiki misconduct, as long as that evidence will be made available to all uninvolved administrators and recorded with the Arbitration Committee? 21:52, 6 September 2022 (UTC)

It is well-established that blocks for off-wiki conduct fall outside of individual administrators' blocking authority. However, the situation is less clear when off-wiki evidence contributes to a decision to block a user for on-wiki misconduct: for instance, a user who denies a COI on-wiki, while a LinkedIn profile tells a different story. Currently, WP:BLOCKEVIDENCE, WP:ADMIN § Special situations, de facto community practice, and ArbCom's recent statement on Special Circumstances blocks provide guidance to administrators in inconsistent ways, open to varying interpretations. This disagreement recently received significant attention at the arbitration noticeboard talk page. The proposers of this RfC disagree on the current meaning of BLOCKEVIDENCE, but agree that it is both ambiguous and out-of-date with respect to current practices.

This proposed change to BLOCKEVIDENCE would explicitly allow administrators to block based on off-wiki evidence as long as that evidence will be made available to any uninvolved administrator upon request. In order to ensure the retention of evidence supporting these blocks, administrators would be required to record the evidence supporting these blocks with the Arbitration Committee when making these blocks. The intent of this proposal is to allow administrators to continue to make blocks for spam and undisclosed paid editing, while establishing safeguards for evidence retention.

Proposed new text

If an administrator blocks a user based on information to which not all administrators have access, that information should be submitted to the Arbitration Committee before the block to ensure that the information is recorded in the event of any appeal.^[1] Evidence supporting these blocks must be made privately available by the blocking administrator to any uninvolved administrator upon request (for the purpose of peer review or appeal). In the event that the blocking administrator is unavailable to transmit the evidence, the Arbitration Committee will do so. These blocks typically should not be marked as "appealable only to ArbCom" and are reviewable by any uninvolved administrator.

If the blocking administrator is unwilling to share this evidence with any uninvolved administrator upon request, the administrator may not issue a block. The community has rejected the idea of individual administrators acting on evidence that cannot be peer-reviewed. Instead, the administrator should request action from the Arbitration Committee, or from the Checkuser or Oversight team, as appropriate. These editors are qualified to handle non-public evidence, and they operate under strict controls.

A separate set of requirements apply to administrators holding checkuser or oversight privileges. Those administrators may block users based on non-public information accessible only to checkusers and oversighters without emailing the Arbitration Committee. This may include information revealed through the CheckUser tool, edits that have been suppressed ("oversighted"), and information recorded in the checkuser-en-wp or paid-en-wp VRTS queues. These blocks are considered to be Checkuser or Oversight actions, as appropriate, although the technical action to issue a block is an administrative one. All such blocks are subject to direct review by the Arbitration Committee.

If this proposal is successful, the change would be communicated to all administrators via MassMessage, as has been done with past changes to blocking procedure. Wikipedia:Appealing a block would also be updated to reflect this change to blocking policy. Finally, the Arbitration Committee would be recommended to establish a new unmonitored VRTS queue to receive evidence supporting these blocks (distinct from its handling of "appeal only to ArbCom" blocks), with ticket numbers that can be included in the block log.

Co-signed 21:52, 6 September 2022 (UTC):
-- Tamzin^{[cetacean needed]} (she|they|xe)
KevinL (aka L235 · t · c)

Discussion (BLOCKEVIDENCE)

• Support as proposer. I thank L235 for suggesting creating this RfC, in light of our disagreement about the policy's current meaning, one that sees multiple experienced administrators on both sides. It's clear to me that BLOCKEVIDENCE is not in keeping with current practices, and creates a dangerous dead letter of essentially unenforced wording amidst a very important policy. As a new administrator, I have already run into scenarios several times that fall into this ambiguity. To highlight a few examples:
  1. A user recreated an article on a non-notable person, which had been deleted several times in the past. Past versions appeared autobiographical, but the new account seemed to be someone different. I Googled the username and found that someone with that exact name worked in marketing for a company affiliated with the article's subject. I blocked for meatpuppetry, directing other admins to contact me for evidence.
  2. A user was reported to SPI for AfD !votestacking. At issue was whether they knew another user off-wiki, so I Googled their username and found a LinkedIn profile where someone with that name claims to be a Wikipedia editor and claims to work for a company that the user had edited about extensively. I asked the user if they were affiliated with the company. They denied it, and I blocked for UPE, directing other admins to contact me for evidence.
  3. The other day, GoodPhone2022 (talk · contribs) emailed me, (mostly-)^[1]confessing to being a sock of AlfredoEditor. In this case, given the username similarity to past sock GoodPhone2020 (talk · contribs), I was comfortable blocking, but if not for that, I would be in an area of policy ambiguity.
• In each of these cases, ArbCom's current prescription is that I would have had to forward the email to a CU-staffed queue, in two out of three cases for a routine sockpuppet. In all three cases, the reason for blocking is on-wiki misconduct, most of the evidence is on-wiki, and the off-wiki evidence was straightforward.^[2]
  We have four conflicting rulesets here: BLOCKEVIDENCE, if interpreted to forbid all blocks based on private evidence, forbids these three blocks, even the routine sockblock. If interpreted to forbid only blocks based on evidence that cannot be shared off-wiki with other admins, it allows this (since under WP:OUTING admins can discuss such evidence by email). ADMIN § Special situations, meanwhile, complicates this, in that it could be interpreted to allow these blocks but require making them "appeal only to ArbCom". ArbCom's recent statement, however, forbids that designation for the most part, and, depending on how literally one sentence is taken,^[3] forbids making the block at all. And finally, de facto current practice is that administrators do make such blocks and either explicitly or implicitly direct other admins to contact them off-wiki for evidence.
  Since ArbCom has sent no admin-wide bulletin, I suspect that the upshot of ArbCom's recent statement is that it will be ignored and business will continue as normal until someday it doesn't and we get some drama-filled desysop or admonishment that pits admins saying "But we all do this!" against arbs saying "But we said you can't!" I don't like that outcome, and I don't like the status quo of a policy that is both ambiguous and ignored. Critically, even if BLOCKEVIDENCE does allow these blocks, we have the problem that it's not a very good system. Admins resign or get for-caused or die. Admins forget why they blocked someone. LinkedIn profiles get taken down, Upwork contracts get closed. By both formalizing the permissibility of blocks like these and creating a system for admins to store evidence (mandatory when off-wiki evidence is involved, optional but encouraged for complex interpretation of on-wiki evidence), we solve that problem while clarifying the situations under which admins can and can't make blocks like these. -- Tamzin^{[cetacean needed]} (she|they|xe) 21:57, 6 September 2022 (UTC)Reply[reply]

  @Tamzin: I would be very surprised if it is "current practice" for admins to make blocks based on nonpublic evidence without having signed the confidentiality agreement for nonpublic information. Do you have any examples of anyone other than yourself doing it? Historically as a project we are very careful about private information and, while I have no doubt that your different interpretation of WP:BLOCKEVIDENCE was reached in good faith, in the subsequent discussion on ARBN, the majority of admins, including functionaries with years of experience in actually handling these kind of blocks within the established processes, agreed with ArbCom's interpretation. – Joe (talk) 09:17, 7 September 2022 (UTC)Reply[reply]

  @Joe Roe: Just sent a brief email. Best, KevinL (aka L235 · t · c) 15:52, 7 September 2022 (UTC)Reply[reply]

• Support as proposer. In my view, policy currently prohibits many blocks that are frequently made by administrators (e.g., low-level UPE blocks based on Upwork profiles). But those blocks seem to have become accepted by the community and the administrative corps. This proposal catches policy up to reality while adding a safeguard: the evidence will be recorded in case it’s needed in the future. I therefore support the change.
  Also, because there’s disagreement about what policy currently requires, I’d ask any folks who oppose this proposal to indicate what they think the current policy says. (Are blocks based on info with an “email me for the evidence” note permissible? Does that count as information that will [] be made available to all administrators?) With thanks to Tamzin and everyone who discussed and ideated on this, KevinL (aka L235 · t · c) 21:58, 6 September 2022 (UTC)Reply[reply]
• Support - currently we are caught between the former status quo, with the risk of block evidence being lost putting appellants and unblocking admins in an unenviable position and the Arbcom created new rules that simply would put too many tasks on CU-only where they don't need to be. This proposal offers a solution to that, especially in the "low-hanging fruit" part of off-wiki evidence. Tamzin's reasoning is detailed and the examples are a good set of those frequently seen. Nosebagbear (talk) 22:04, 6 September 2022 (UTC)Reply[reply]
• Support. Seems pretty straightforward to me. –MJL ‐Talk‐^☖ 22:24, 6 September 2022 (UTC)Reply[reply]
• Support. We shouldn't prohibit good blocks just because policy doesn't allow the evidence to go public. I do have one quibble with the proposed text. It says the info will be recorded by arbcom and can be retrieved there by admins, but it also says the blocking admin MUST supply the info to other admins on request. That implies all admins using this policy must retain a permanent duplicate record of the info. That seems pointless. I'd drop the unreliable requirement for admins to supply the evidence. Alsee (talk) 22:26, 6 September 2022 (UTC)Reply[reply]
• Support, with thanks to both proposers. The problem of UPE is a significant one, and I'm pretty sure there is community consensus that we need to allow some degree of "research" about users suspected of UPE or even just COI, regardless of the WP:HARASS prohibition of "opposition research". This proposal makes it clear how admins can be effective while still protecting private evidence, and solves problems with forgotten evidence. --Tryptofish (talk) 22:30, 6 September 2022 (UTC)Reply[reply]

  @Tryptofish: We already allow this kind of research, by anyone, just with the caveat that only functionaries can make a block based on it. The evidence for these blocks is then logged in one of various VRT queues or private wikis (depending on the kind of block). For example, if you find evidence that a user is making undisclosed paid edits, you can email it to paid-en-wp@wikimedia.org for recording and action. – Joe (talk) 09:02, 7 September 2022 (UTC)Reply[reply]

  I think it's pretty obvious from subsequent discussion below, that the community is divided over whether or not that is, or should be, true. --Tryptofish (talk) 18:35, 7 September 2022 (UTC)Reply[reply]

  As I read comments by other editors, I want to add to my original comment. As much as I consider doxxing to be appalling, I think there are shades of gray when it comes to people who are openly engaging offsite in for-profit abuse of the community's trust. Deceiving other editors by hiding one's actual agenda in order to slant our content to serve a corporate or political purpose is not OK. And anyone who thinks it's not happening on a large and growing scale is kidding themselves. Wikipedia is a very attractive target for self-promotion. That's nowhere near to regular good-faith contributors who want to be able to edit anonymously (like me). Our policies should not be suicide pacts, and we should not make our belief in the right to anonymity into a cultish Thing-That-May-Not-Be-Questioned. --Tryptofish (talk) 23:11, 7 September 2022 (UTC)Reply[reply]

• I support the idea behind this proposal. However, I'm unsure about the following sentence: "In the event that the blocking administrator is unavailable to transmit the evidence, the Arbitration Committee will do so." Can we really require them to do so? This seems to convert ArbCom into a marketplace for off-wiki outing. I guess "will do so if possible" or "may do so" would be more precise. ~ ToBeFree (talk) 22:39, 6 September 2022 (UTC)Reply[reply]

  I'm definitely OK with "if possible" or "may do so" if people feel very strongly, but my first thought is that it seems like this is an edge case that doesn't need to be spelled out – presumably we can trust ArbCom not to engage in impermissible OUTING, as they handle all sorts of private information normally. Best, KevinL (aka L235 · t · c) 22:52, 6 September 2022 (UTC)Reply[reply]

  Well, as mentioned in Tamzin's support comment, the harassment policy does contain an outing exception specifically for emailing, so it's less of a concern than it looked to me first anyway. Formalizing the existing way for all administrators to access the evidence behind such blocks is a positive development.

  I have reviewed paid-editing blocks based on admin-only evidence (and requests for them) a few times and found it difficult to come to a clear conclusion whether the blocked user was actually lying into our faces or genuinely pointing out a case of mistaken identity. I guess those active at WP:SPI got used to this feeling. Transparency, as far as possible, increases the number of eyes that need to make the same mistake for an incorrect block to happen/stay. I can't really complain about that. ~ ToBeFree (talk) 23:14, 6 September 2022 (UTC)Reply[reply]

• Support. This is a reasonable way out of the current conflicting-norms problem. Unlike ToBeFree, I have no issue with the fact that the en.WP community can require its own ArbCom to do something. ArbCom answers to us, not the other way around.  — SMcCandlish ☏ ¢ 😼  23:11, 6 September 2022 (UTC)Reply[reply]

  (Now that might be oversimplified as ArbCom consists of volunteers... somehow... within the boundaries of WP:ADMINACCT and similar principles. And, although probably not applicable to the type of evidence we're discussing, there are of course even additional restrictions on what we can require them to do, described in their NDAs.) ~ ToBeFree (talk) 23:20, 6 September 2022 (UTC) Reply[reply]

  I agree the community can compel arbcom to do something through Arbpol. This is not that. However if this passes I will absolutely be in favor of setting up an email queue for things to be sent to. Best, Barkeep49 (talk) 06:14, 7 September 2022 (UTC)Reply[reply]

• Support This is a good solution for a difficult problem and is necessary to reduce disruption. Johnuniq (talk) 23:26, 6 September 2022 (UTC)Reply[reply]
• Support makes sense and clears up an ambiguity/conflict in policies/procedures/best practices. I don't see any reason not to make this change. --TheSandDoctor ^Talk 23:46, 6 September 2022 (UTC)Reply[reply]
• Absolute and unequivocal Oppose. While clearly a good-faith proposal, I think this may be the single worst idea I've seen advanced to the community in quite some time, full of ill-considered potential knock-on effects that aren't even contemplated within the proposition, let alone addressed. With due respect to Tamzin, I think they have seriously misinterpreted both the wording of relevant policy and the established community consensus on which it is based.
  For example, the first scenario that they use as evidence for why this system is needed (in their support !vote)... I'm sorry Tamzin, but that's just not the kind of investigation I want you to be undertaking under any circumstances, nor do I think it is properly within your remit as an admin: in fact, I think it is a brightline violation of the wording of WP:OUTING. The exception contemplated in that policy is that a user might utilize information relating to a generic posting by a company seeking COI editors--not the notion that users (admins included) would be tracking down potentially doxxing information regarding specific editors, just so long as they have socking concerns to justify it. That clearly goes against the spirit of the policy and longstanding community consensus.
  I suppose it's true that nothing currently prohibits any community member from acting as a non-sanctioned investigator and submitting such information to VRTS--whom I hope routinely ignore it in the (probable majority) of problematic cases and focus on on-project information and technical assets. But I am deeply concerned about how enabled similarly-thinking admins as Tamzin (again, no personal offense intended, but I feel strongly about this issue) might feel if they perceive a further institutional greenlight on such activities. And note that the outing policy would also need to be rewritten here in order to facilitate this new system, since it currently expressly forbids some of the activity that would be involved, and expresses a very different philosophy with how off-wiki information (and linking it to on-project accounts) is meant to be handled.
  Whats more, in order to facilitate this new and highly problematic role for admins, there is to now be a new log of sorts containing any amount of potentially sensitive personal information on any number of community members (and indeed, where the admin-inspector's instincts are off, personal information of people who may have nothing to do with the project whatsoever), creating one of the greatest systematic doxing risks generated by the project? All it would take is one bad actor getting access to that system, through legitimate or illegitimate means to create a world of harm. Nor should we expect any potential disruption to be limited to just a handful of overzealous admins, since this new system would encourage anyone of such a mindset, and on good terms with an admin who views their authority in this new area as broad, to seek out potentially damning information on other editors to relay it to said admins.
  I'm sorry, but our current policies with regard to the collection, dissemination, and storing of off-project personal information (which may or may not relate to community members) did not evolve in a vacuum: they are meant to place a premium on the protection of anonymity on a project that presents a massive risk of real world harm for many of its members. This proposal would be a significant erosion of that framework, which would invite all manner of potential problems. Far from being a "constitutional overreach", the rules promulgated by ArbCom (which have in any event been status quo for a long time), are, by comparison, much more in conformance with the traditional principles and concerns regarding privacy on this project, and it is (in my opinion) this proposal which would violate existing community norms and important checks and balances.
  In short, very much a case of the cure being much worse than the disease it proposes to address (and which is already effectively controlled by an existing treatment, if one that moves a little slower. I'm sorry, but we cannot, in the name of combating paid editing, vitiate some of our most important privacy policies. It just is not remotely a balanced reaction to that situation. SnowRise ^{let's rap} 01:50, 7 September 2022 (UTC)Reply[reply]

  The outing policy, a section of the harassment policy, does not prevent administrators (or anyone for that matter) from investigating users' off-wiki activities, and explicitly notes Nothing in this policy prohibits the emailing of personal information about editors to individual administrators, functionaries, or arbitrators, or to the Wikimedia Foundation, when doing so is necessary to report violations of confidentiality-sensitive policies. If you think it ought to prohibit these things, you should propose a change to that policy. But the status quo is that such investigations and discussions are allowed; the question we're discussing here is who should block based on them, and how. -- Tamzin^{[cetacean needed]} (she|they|xe) 03:02, 7 September 2022 (UTC)Reply[reply]

  I find that quoting of the policy incredibly selective, considering the very next two sentences read: "Only the minimum information necessary should be conveyed and the minimum number of people contacted. Editors are warned, however, that the community has rejected the idea that editors should "investigate" each other."(emphasis added). The expansion of an administrator's permitted activities that you are proposing (and at least one of the examples of conduct which you seem to already engage in) are clearly not in keeping with that principle. You are just fundamentally wrong about what the kind of behavior the community has long proscribed with that rule: no, neither admins nor rank-and-file community members are meant to be tracking eachother off-project--that is quite simply a very foolish (and for some, expressly dangerous) notion, and the outing policy is the first and perhaps most fundamental layer in a firewall that exists to protect the privacy (and in many cases even the safety) of our volunteers.

  There is already a system in place for users (admins included) to act on off-project information suggestive of on-project disruption: WP:VRTS. That system seems to aggrieve you because you perceive it as ArbCom somehow dictating the purview of administrators, but there's clearly a lot of important policy rationale for why the system is set up like that in the first place: that information is simply not meant to become part of the record on contributors here, even in cases of disruption. Nor are our community members meant to be openly policing eachother in the manner you would have use normalize.

  What's more, you would have us log all the information thus collected in some fashion broadly available to at least editors of a certain class of permissions--and all that would need to happen in order for such doxxing data to be collected and retained for a user is that any one of our admins thought that maybe it was possible that they were socking... I'm sorry, but do you really not see all the ways that any such system would be vulnerable to exploitation or penetration, deeply undermining our traditional commitment to prioritizing the privacy and safety of our volunteers? I'm afraid that neither allowing for slightly speedier responses to a small subset of COI cases, nor giving a particularly defensive segment of the administrative corps an opportunity to thumb their nose at ArbCom are sufficiently good reasons to abrogate the principle of user anonymity so significantly. SnowRise ^{let's rap} 06:15, 7 September 2022 (UTC)Reply[reply]

  (edit conflict)There's a clause in the outing policy that Editors are warned, however, that the community has rejected the idea that editors should "investigate" each other. My reading of the proposal is that this policy is complimentary with WP:OUTING and that both the public meaning and intent of this proposed policy maintain respect for the principle that editors should not investigate each others' private lives. @Tamzin and L235: Yes or no, is this reading of policy yours as well? — Red-tailed hawk _(nest) 06:20, 7 September 2022 (UTC)Reply[reply]

  Kevin and I are not suggesting any change to WP:OUTING. My reading of that clause in OUTING—taken in context alongside other language that, as noted, explicitly allows reports of sensitive information—is that editors should not try to "dig up dirt" on one another, especially not speculatively or vindictively. OUTING is not a blanket ban on ever looking at anything anyone does off-wiki, and the community has repeatedly rejected attempts to make it one, something reflected in its current wording. Give that functionaries and ArbCom are bound by OUTING too, any stricter reading of that clause would mean that they commit blockable/desysoppable offenses anytime they block someone for off-wiki harassment—a block that by necessity involves some level of looking at what someone has been doing off-wiki. -- Tamzin^{[cetacean needed]} (she|they|xe) 06:43, 7 September 2022 (UTC)Reply[reply]

  That's clearly a non-sequitor: no one (that I have seen anyway) is suggesting that an admin who in good faith comes into possession of evidence of off-wiki harassment should refuse to act to protect the harassed party. And in fact, that's the very reason we have the system that we presently have, which balances user privacy with the possibility of administrative action in the fashion it does (with appropriate non-public oversight). But that is a very different animal from permitting admins (and potentially cohorts working in close collaboration with them) to unilaterally (and on their own onus) begin digging into the off-project identities of users. That is an exception that just cannot do anything but ultimately swallow the rule. It's very clearly the exact bridge too far that inspired the very plainly worded prohibition on investigating your fellow editors in the outing policy. Acting on information brought to you about an especially harmful and chilling class of harassment is one thing; every admin having the power to self-appoint themselves an inspector-general, in any random case of any user they can say they genuinely thought might be a sock, is a very different thing, and something I pray the community will have the good sense to reject here. SnowRise ^{let's rap} 07:11, 7 September 2022 (UTC)Reply[reply]

  @Red-tailed hawk: Yes, I believe that the proposal here is consistent with and should be read together with WP:OUTING, and that no changes to OUTING are implied by this proposal. Best, KevinL (aka L235 · t · c) 17:05, 7 September 2022 (UTC)Reply[reply]

  Even though I still support the proposal, I actually think that it contradicts the current understanding by the community of what the outing policy says. This proposal, taken along with the harassment policy, is basically saying that a non-admin can be sanctioned for doing opposition research, but it's OK for admins to do it, so long as they are simply doing it to enforce policy, rather than to push a personal grudge. That said, I believe this to be the actual existing practice of how things are done, but we continue to have policies that say something different, and some very strong sentiment in the community that we need to keep hands and eyes off of off-wiki everything. --Tryptofish (talk) 18:42, 7 September 2022 (UTC)Reply[reply]

• Support, obviously. If you organized a gang of vandals off-wiki, you should be blocked. Not blocking due to the coms being off-wiki is just taking advantage of a technicality to me. CactiStaccingCrane (talk) 02:10, 7 September 2022 (UTC)Reply[reply]

  As for the potential for a power-grab/privacy concerns raised by SnowRise, I agree that the proposal should be flushed out before being implemented. But you need to propose your idea first. CactiStaccingCrane (talk) 02:11, 7 September 2022 (UTC)Reply[reply]

• Support admins need more help and more tools to prevent bad editing and problematic accounts. Andre🚐 03:56, 7 September 2022 (UTC)Reply[reply]
• Support in principle. The particular part of the policy that states that the information has to be submitted strictly before the block seems to be a bit arbitrary and might delay an admin taking action against actively coordinated off-wiki vandalism organized on something like Twitter. Giving the admin some time after making the block (i.e. within 24 hours or something to that effect) would be superior to strictly requiring administrators to submit evidence before a block is made. — Red-tailed hawk _(nest) 06:20, 7 September 2022 (UTC)Reply[reply]
• Oppose largely per SnowRise. I find Tamzin's examples bizarre; they seem to me to be right on the line of desysopable offences (even blockable ones), if not over it. Blocking someone because you googled their user name and found apparent connections to their editing is not okay. Sharing personal information of other editors by email (as proposed here) with any admin who asks for it is not okay. We have teams of people who deal with off-wiki evidence precisely to avoid this situation - those people have to have signed an agreement with the WMF to protect the confidentiality of data they use. Normal admins have not. GoldenRing (talk) 08:45, 7 September 2022 (UTC)Reply[reply]

  Also, I really think WMF Legal need to be involved here, as I can see potential implications for the site ToU and privacy policy. IANAL but if admins are sharing editors' personal information at will for the purposes of maintaining the site, does this not expose the foundation to a degree of legal risk? GoldenRing (talk) 08:50, 7 September 2022 (UTC)Reply[reply]

  I agree that this should be run past WMF Legal if implemented. Especially the part where ArbCom is supposed to act as a sort of information broker that provides personal information on editors to any admin that asks. – Joe (talk) 12:04, 7 September 2022 (UTC)Reply[reply]

  WP:Wikimedia Foundation statement on paid editing and outing exists. ~ ToBeFree (talk) 18:23, 7 September 2022 (UTC)Reply[reply]

  I'm well aware of that, thanks. It also doesn't say anything at all that would be relevant to the Arbitration Committee, whose members are all signatories to the WMF's confidentiality agreement, sharing personal information on third parties with people who are not. – Joe (talk) 18:55, 7 September 2022 (UTC)Reply[reply]

  Which part of the WMF's confidentiality agreement prevents an arbitrator from saying "When X blocked Y, they said it was because if you Google Y's username, you get a Twitter profile for the director of marketing at the company Y was making promotional edits about"? Genuine question. -- Tamzin^{[cetacean needed]} (she|they|xe) 19:25, 7 September 2022 (UTC)Reply[reply]

  All arbitrators have agreed to refrain from disclosing nonpublic personal data to anyone. If they have access to the identity of Y because of their role, e.g. they got it from the WMF-hosted VRTS you've suggested setting up, that could be nonpublic personal data covered by the access policy. In the specific example you've chosen, you could probably argue that the Twitter profile was excepted because it is or was public (but off-wiki) information, but that isn't the case for all off-wiki blocks by any means. Also, importantly, IANAL, which is why I said I supported checking this with Legal – I'm not saying I have all the answers. That, generally, is another good reason to continue leaving this kind of work to functionaries: we tend to be a cautious bunch that will err on the side of privacy unless told otherwise. I can't say the same of the admin body at large. – Joe (talk) 20:07, 7 September 2022 (UTC)Reply[reply]

  The quote above seems to come from [1]. It should perhaps be noted that the sentence continues with "except as permitted under those policies" ("the Privacy Policy; the Access to nonpublic personal data Policy; and any other applicable and nonconflicting community policy relating to nonpublic information"), and that "Nonpublic Personal Data" (capitalized in [2]) refers to a term defined earlier on the page. ~ ToBeFree (talk) 20:36, 7 September 2022 (UTC)Reply[reply]

• Oppose. This is a terrible idea. as long as that evidence will be made available to any uninvolved administrator upon request – what if the blocking administrator isn't available? Or has left the project? Or lost the evidence? Or died? Just as the evidence for regular blocks are documented on-wiki, blocks for private evidence need to be documented somewhere so that no one person is a bottleneck for an appeal or unblock request, which could (and regularly does) come years after the initial block. ArbCom set up processes for doing precisely that years ago, using secure, WMF-maintained software, staffed by experienced and vetted functionaries who have signed the confidentiality agreement for handling nonpublic information, and it has been working perfectly fine for years. I don't see what problem this is supposed to solve and frankly it seems to stem entirely from one of our newest admins misunderstanding WP:BLOCKEVIDENCE. – Joe (talk) 08:51, 7 September 2022 (UTC)Reply[reply]

  I'm also a bit worried that good number of the supporters so far seem to be supporting because the opening text of this RfC gives the impression that we currently don't block people based on non-public information (e.g. of UPE). This is not correct. Users are regularly blocked based on non-public information, but policy restricts these blocks only to CheckUsers, Oversighters, or Arbitrators who have signed the confidentiality agreement. The proposal here is to alter WP:BLOCKEVIDENCE so that all administrators are permitted to make these type of blocks. – Joe (talk) 08:59, 7 September 2022 (UTC)Reply[reply]

  @Joe Roe: I'm a bit confused by your reasoning here, with respect to admin resignation/death/etc. The entire "send evidence to ArbCom" portion of this proposal is meant to address that scenario, filling a gap that currently occurs any time an admin makes a block like this. Which is a fairly common occurrence, particularly for admins who do a lot of anti-UPE work; the fact that you were unaware of that is a good example of the disconnect between different groups of admins that prompted me and Kevin to start this RfC. (FWIW, of the 1,015 blocks I've made since becoming "one of our newest admins", I reckon there's 5 or fewer that fall under the scope of this RfC. In all cases I have said I was willing to share evidence with inquiring admins, in line with my and many other admins' interpretation of BLOCKEVIDENCE's current meaning.) -- Tamzin^{[cetacean needed]} (she|they|xe) 16:54, 7 September 2022 (UTC)Reply[reply]

  Sorry, I was in a hurry and wasn't clear. The thing is that that gap only exists if you are making blocks against policy, hence this is a proposal that only solves a 'problem' of its own creation. If we stick to current policy, there are already robust processes that don't make one person the bottleneck and don't involve passing nonpublic personal information around a group of over a thousand people. I've yet to see any evidence that the latter is a "common occurrence" or that "many other admins" have the same misunderstanding about BLOCKEVIDENCE that you did. If I'm wrong, then as Thryduulf says below, they need to stop now and start following policy as it's currently written, not how they'd like it to be, before this ends up with ArbCom. – Joe (talk) 18:26, 7 September 2022 (UTC)Reply[reply]

  @Joe Roe: The whole point of this RfC is that policy as it's currently written is ambiguous. I and many other admins interpret will [ ] be made available to all administrators to require admins to be willing to share evidence privately when asked, but not to require them to present it on-wiki. That is not a "misunderstanding". It is a good-faith interpretation of an unclear clause. If you want to change BLOCKEVIDENCE to be more clear in your proposed direction, you should make a counter-proposal; but acting like the current meaning is crystal-clear is disingenuous. -- Tamzin^{[cetacean needed]} (she|they|xe) 19:22, 7 September 2022 (UTC)Reply[reply]

  I look forward to hearing from these many other admins. So far it seems there is a unanimous consensus amongst functionaries (who have been dealing with these kind of blocks day-in-day-out for years), that will not be made available to all administrators means will not be made available to all administrators, not just to individuals on request. I can't see why I would need to make a "counter-proposal" to keep a policy as it has been for fifteen years, apparently without any problems. – Joe (talk) 20:22, 7 September 2022 (UTC)Reply[reply]

  You've already heard from several, both here and at WT:ACN. It's not exactly surprising that many functionaries, who are allowed to make these blocks under either interpretation, don't care about the distinction. Incidentally, your and several other functionaries' statements squarely at odd with multiple policies, including WP:OUTING (RoySmith, Thryduulf), the m:ANPDP (you, Thryduulf) and WP:UPE (Thryduulf), does not exactly bode well for the premise that functionaries (who need only finish in the top ~8 out of ~10/12 in an ACE to have that status for life) are somehow a more responsible body than their fellow administrators. Your attitude here reeks of superiority. You are not better than me or any of my ~1,000 non-funct admin peers just because 71% of voters 4 years ago thought that you should be on ArbCom. -- Tamzin^{[cetacean needed]} (she|they|xe) 20:35, 7 September 2022 (UTC)Reply[reply]

  Read the threads again Tamzin, it's pretty much just you. Nobody is saying they're superior to you, but knowledge of how policy operates comes from experience in applying it. The functionary team (who are not all former arbs, by the way) have a collective experience of handling nonpublic data stretching back decades. They are vetted by the community and the WMF at a higher standard than RfA, and work within an established system of documentation and oversight (inc. ArbCom, OmCom and WMF T&S). It's astounding to me that, less than six months after you got the bit, when the Arbitration Committee told you that you'd misunderstood a part of the blocking policy that they originated, and posted a formal statement clarifying what to do in similar situations in future, you decided it must be they and/or the policy that was wrong. – Joe (talk) 06:11, 8 September 2022 (UTC)Reply[reply]

• Comment The more I think about it, the less comfortable I am with this solution. I like it in principle, but I do think it needs a bit more consideration regarding the personal information. In Europe, we are governed by GDPR with regards to data protection, how long data can be kept, what purposes it can be kept for. Legally, the servers may be in the USA, if a user is accessing the data from Europe I'm not sure how that falls - and that's assuming the data is all held on the servers in the US. At present, the suggestion is that data is sent to the arbcom list, which is then immediately disseminated to Arbitrators mail boxes, which they have full control over. It's hard to argue the "US servers" point of view there, an arbitrator is clearly a data controller.
  Then there's the technical side of things. Based only on information that the user chooses to share - username they created, information they've given etc, you are investigating the individual online. That opens up a lot of risk - of mistakes, of joe jobs, of abuse. We shouldn't be encouraging this sort of behaviour, especially in our administrators.
  I still need to think more about it, so won't outright oppose, but I'm certainly uncomfortable. Worm^TT(talk) 09:01, 7 September 2022 (UTC)Reply[reply]
• Strong oppose per GoldenRing, Joe and SnowRise. This is not something administrators should be doing at all, if you are doing it you need to stop it now. Use the existing channels to report any off-wiki coordination you stumble across. Thryduulf (talk) 10:11, 7 September 2022 (UTC)Reply[reply]
• Strong oppose Run-on-the-mill admin blocks should be for stopping sustained atrociously poor editing that cannot be solved by attempts at communication, and should be held accountable by the community at large. This entire proposal throws out a basic principle of adminship, public accountability, out the window. In the proposal's scenarios with dishonest COI editors, I fail to see any benefits to blocking users just because of their IRL jobs, instead of concretely visible on-wiki activity like actually writing promotional articles, actually posting spam, vexatious restoration of deleted content, and the like. — Ceso femmuin mbolgaig mbung, mellohi! (投稿) 12:53, 7 September 2022 (UTC)Reply[reply]

  To be clear, in both UPE examples given, the editor had edited about their employer or someone affiliated therewith and then denied having any COI, a violation of enwiki policy and the Terms of Use. In one case there were blatant spam issues, and in the other there was meatpuppetry to keep a COI article at AfD. -- Tamzin^{[cetacean needed]} (she|they|xe) 17:03, 7 September 2022 (UTC)Reply[reply]

  If there are spam issues then there is ample on-wiki evidence for a block, you don't need anything else. If someone is engaging in sockpuppetry then give the evidence to checkusers who are explicitly empowered by the WMF to deal with that information. If they are engaged in meatpuppetry then there will be ample on-wiki evidence of this behaviour and they can be blocked without needing any non-public information. If they are edit warring to keep an article then block them for edit warring, again you don't need anything else. If you believe they are violating the terms of use then you need to make the WMF aware of that, as they are the only ones empowered to enforce that. Thryduulf (talk) 19:11, 7 September 2022 (UTC)Reply[reply]

  There are many situations where the existence of a COI tips the balance of AGF toward blocking. That was the case in both examples I gave. Admins are often fairly patient with users who might be, for instance, just an over-eager fan of a TV show; while someone known to work for the show's production company will get blocked. As to the final sentence of your comment, that is dramatically out of step with current policy. There have been 212 blocks so far this year mentioning the ToU in the block summary, exercising the authority given to admins under WP:UPE. -- Tamzin^{[cetacean needed]} (she|they|xe) 19:33, 7 September 2022 (UTC)Reply[reply]

  A list of 1228 such blocks, forked from the above-linked SQL query. ~ ToBeFree (talk) 04:57, 8 September 2022 (UTC)Reply[reply]

  The last sentence is incorrect. "The Wikimedia community and its members may also take action when so allowed by the community or Foundation policies applicable to the specific Project edition, including but not limited to warning, investigating, blocking, or banning users who violate those policies." ~ ToBeFree (talk) 19:36, 7 September 2022 (UTC)Reply[reply]

• In general, I think that we should only block people on the basis of on-wiki evidence. With few exceptions, whatever happens off-wiki should be irrelevant. The first exception that springs to mind if off-wiki harassment, but there are also other cases, such as UPE etc. However, those should remain just that: exceptions. After all, opposition research is strongly discouraged even when it is based on information that may be publicly available on-wiki (see WP:OUTING and Wikipedia:Harassment#How to deal with personal information). This policy change, in my opinion, normalises blocks based on off-wiki evidence too much, for my tastes, and risks encouraging opposition research. In addition, it runs counter to two fundamental principles of the project: transparency and the idea that all editors are equal regardless of their user rights. In fact, when an editor is blocked on the basis of off-wiki evidence that is only made available to administrators, we are preventing non-administrators from evaluating whether the block was appropriate, without a good reason. We should not forget that administrators are not really qualified to handle non-public information, since they have not signed the WMF confidentiality agreement and have not been vetted for those responsibilities. On the other hand functionaries and arbitrators have been vetted and have signed the confidentiality agreement and policy already recognises that they are qualified to make blocks based on non-public information. I don't think the policy should be changed, I don't find the change necessary or wise. If it seems complicated to have someone blocked on the basis of off-wiki evidence, in my opinion it's because that's how it should be. Salvio 13:34, 7 September 2022 (UTC)Reply[reply]

  @Salvio giuliano: I think it's a valid outcome of this RfC for the community to clarify that it is unacceptable for admins to make many blocks they already make: I know administrators other than Tamzin make those blocks frequently. If the community does so, I would like it to speak clearly – as I wrote above, Also, because there’s disagreement about what policy currently requires, I’d ask any folks who oppose this proposal to indicate what they think the current policy says. (Are blocks based on info with an “email me for the evidence” note permissible? Does that count as information that will [] be made available to all administrators?) If the community says "no", we ought to update BLOCKEVIDENCE to say so. Best, KevinL (aka L235 · t · c) 15:49, 7 September 2022 (UTC)Reply[reply]

  @L235: Are blocks based on info with an “email me for the evidence” note permissible? Does that count as information that will [] be made available to all administrators?) in my opinion no, those blocks are not permissible unless the admin in question can guarantee that they will always be available to promptly respond to requests for that information for the next 5-10 years (possibly longer) in the event of an appeal or other legitimate reason for needing the information and never give it out in other situations. If the information cannot be shared on-wiki then it must be shared, at approximately the same time as the block, with the arbitration committee. Thryduulf (talk) 16:41, 7 September 2022 (UTC)Reply[reply]

  If the information cannot be shared on-wiki then it must be shared, at approximately the same time as the block, with the arbitration committee.
  This is pretty much what the proposal says, though, right? I'm not trying to be obtuse – I just am not quite getting it. Best, KevinL (aka L235 · t · c) 16:55, 7 September 2022 (UTC)Reply[reply]

  @L235 I was answering your question in the quote about whether admin's saying "email me for the evidence" is acceptable. And to reiterate, it absolutely is not. The proposal mitigates that aspect, but that's one part of my opposition. Thryduulf (talk) 19:05, 7 September 2022 (UTC)Reply[reply]

  I agree that it can be useful for the community to reiterate its position, so that everyone is aware of what is and is not proper. However, I've got to say that, the way I interpret policy, blocks with an "e-mail me" note are already inappropriate. The relevant clause of WP:BLOCKEVIDENCE may be argued to be less than clear, but, if we consider the body of relevant policies and their spirit, it's clear to me that admins are supposed to be blocking only when the information the block is based on is available to all administrators, such as when a block is based on deleted edits. When it's not, it's not appropriate for an administrator to impose a block, unless it's one of those "appealable only to ArbCom" blocks (or is based on CU or OS data). Salvio 19:18, 7 September 2022 (UTC)Reply[reply]

  I don't know if it's been mentioned, but the sentence in question initially read [...] based on information that cannot be made public, so the original intent was quite clear and, in the fifteen years since, it doesn't look like anyone else has found the reworded version confusing enough to bring it up. – Joe (talk) 20:12, 7 September 2022 (UTC)Reply[reply]

• Wrong question. Before we figure out how to handle the record keeping for non-CU blocks involving off-wiki evidence, we should figure out if we even want that to be happening at all. If we're going to officially condone people poking around in LinkedIn, UpWork, etc, looking for evidence for blocks, then we need a wholesale rewrite of WP:OUTING. I know it goes on, so I guess it's good that this RfC got started because it brings the practice out in the open for discussion. Only after we figure out if we want admins (or anybody) doing that, then it's time to figure out how we want to handle the record keeping. -- RoySmith (talk) 13:41, 7 September 2022 (UTC)Reply[reply]

  Prodded by Tamzin's comment elsewhere in this thread, I've put in some quality time re-reading WP:OUTING and the documents it references. I'll walk back my "wholesale rewrite of WP:OUTING" partly as an overstatement, but more because it's a non-sequitur. The key point I was trying to make above is that there's two quite distinct issues here:

  • Does the community want admins doing these kinds of off-wiki investigations?
  • If the answer is yes, then what documentation process do we want to build around that?

  It seems to me that this RfC presupposes that the answer to the first question is "yes". Based on what I'm seeing here, I'm unconvinced that's correct. Until we're sure we know the answer to the first question, considering the second one just confuses things. -- RoySmith (talk) 15:12, 8 September 2022 (UTC)Reply[reply]

• I am a bit surprised to see so many editors suggest that combatting professional, some of it very sophisticated, attempts to manipulate our content through paid editing is not a top flight concern. Our social policies are not a suicide pact and OUTING is a social policy. It is designed to protect good faith and bad faith editors alike. But that doesn't mean we should say to those administrators who wish to stop bad faith editors "oh sorry, you're not fit to do so until you get Checkuser and/or Oversight". L235 makes a crucial point that in actual practice these efforts seem to be accepted. What we are talking about here are efforts to ensure our readers are met with content that matches core policies and pillars like "Wikipedia is written from a neutral point of view". I'm a bit ambivalent on this proposal on the whole - hence why I'm not supporting - but I actually expected to be here with some of my concerns (some of which are capture above) rather than with what I see as the merits of this proposal. Best, Barkeep49 (talk) 14:39, 7 September 2022 (UTC)Reply[reply]

  I'm surprised, disappointed (and frankly a little horrified) to find that so many editors are supporting the principal (and even practice!) of permitting random editors to undertake privacy-violating research into other editors based only on a suspicion that they may, or may not, have done something that may, or may not, have broken a policy an editor may, or may not, know about. What matters is that our articles are neutral, whether something is or is not neutral is not something that is determined by whether an editor received money for an edit, it is based solely on the words on the wikipage and the coverage of the topic in (reliable) sources. Even aside from that, not a single one of us has the right to authorise any other of us to invade the privacy of another human being just because we don't like something they might have done on a website. Thryduulf (talk) 16:53, 7 September 2022 (UTC)Reply[reply]

  @Thryduulf I'm not suggesting we allow random editors. I am suggesting that it is current practice to allow administrators to make such blocks. But I certainly can understand why that's not a trade-off you'd be willing to make, even if it is currently common in the community. Some feelings along those lines are a minor reason why I'm here as a commentator rather than !voter. Best, Barkeep49 (talk) 17:35, 7 September 2022 (UTC)Reply[reply]

  I think this line of argument is a bit of a red herring. The question here is not whether we fight spam coordinated off-wiki—of course we should, and we do—but whether enforcement should be open to all admins or restricted to functionaries. I've been fairly deeply involved in the UPE area since before I became an admin and I don't think the former is a common practice or ever has been, so I'm rather surprised to see more than one arb now say that it is. If you guys are aware of admins making blocks that are against current policy, shouldn't you, you know... stop them? – Joe (talk) 17:55, 7 September 2022 (UTC)Reply[reply]

  Exactly what Joe says. If you haven't signed the foundation's agreement related to non-public information then you have absolutely no business dealing with non-public information (and that's the minium requirement imo). If anybody is currently doing that, and you know about it, then (1) why have you not stopped them? and (2) please make sure WMF legal is aware of it so they can take any appropriate action to mitigate the consequences. Thryduulf (talk) 19:01, 7 September 2022 (UTC)Reply[reply]

  The term "non-public information", when used in the context of WMF policy, refers to non-public information held by the Wikimedia Foundation, such as IP addresses. The m:ANPDP does not in any way regulate how community members interact with non-public information that they did not get from the WMF. Similarly, Legal has explicitly said that the m:Privacy policy does not apply to information gleaned from non-WMF sources. -- Tamzin^{[cetacean needed]} (she|they|xe) 19:12, 7 September 2022 (UTC)Reply[reply]

  @Barkeep49: TBH my first thought on seeing this RFC was to file a request for arbitration, requesting that User:Tamzin be desysopped for cause as blocking based on similarity of names between an on-wiki account and a Google search result seems so blatantly wrong. I don't think, given my recent history, that I'm the person to do it but I'm still not sure it would be the wrong move. So I'm rather stunned to see a current arb here treating it as business as usual. WP:OUTING is crystal clear that posting personal information on-wiki unless that user themselves has revealed the information on-wiki - regardless of how really available the information might be offhwiki - is harassment which always merits a block; posting on-wiki "I have this guy's personal information, just email me and I'll provide it" might arguably avoid technically violating that policy but IMO it is a clear attempt at an end-run around it. GoldenRing (talk) 21:22, 7 September 2022 (UTC)Reply[reply]

  @GoldenRing:. So, User:JohnUncommonsurname creates Acme Corp. It's a G11, but not on its own a G11-and-block. I delete it and ask JohnUncommonsurname if he has any connection to Acme Corp., telling him that he's required to answer honestly. He says no. I then Google "John Uncommonsurname." The top result is a LinkedIn profile for the director of marketing at Acme Corp. Your position is that it is "blatantly wrong" for anyone—not just me, but even a functionary—to block based on that? The chance of coincidence in such a situation is considerably lower than the chance of coincidence we see as acceptable in sockblocks, for context. -- Tamzin^{[cetacean needed]} (she|they|xe) 21:32, 7 September 2022 (UTC)Reply[reply]

  Tamzin, while I agree with you that this might be the best thing to do to protect the encyclopedia from bad people, the community has traditionally, AFAIK, frowned on such things, even if communications remained off-wiki. Checkusers, oversight and arbitrators probably have community mandate to do this, but there are 400+ admins and so far, I don't believe this kind of off-wiki investigation used for blocking was explicitly allowed, and it only takes place by WP:IAR. Obviously, you haven't shared this information on-wiki, so it isn't by-the-letter WP:OUTING, but the community has tended to frown on it, and I think it's a fair point that while we like and trust Tamzin, we might not like and trust every administrator. Also, what about unreliable information from a fake social media profile, then getting someone blocked that they deny connection to? If we open the door to Linkedin searches, can I get blocked for an unpaid parking ticket? Joking aside, I supported changing the policy, above, but I also can see why the position is defensible not to permit such things. Andre🚐 21:42, 7 September 2022 (UTC)Reply[reply]

  @Tamzin: I did not say so. As others have repeatedly pointed out to you here, functionaries are in a different position to admins because they have the option to make blocks where evidence is only available to other functionaries and all functionaries must establish their real-world identities with the WMF and sign the non-disclosure agreement. You, as a non-functionary admin, are not in that position and so your only options in this situation are to make the evidence available to all admins (and I question whether a note in the block log meets this requirement anyway - I've been desysopped after disappearing for two and a half years so God help anyone I blocked on non-public evidence who wanted to appeal in that time - but that's beside the point here) or to mark the block appealable only to arbcom and immediately forward the evidence to them. I still don't get how you think what you've done is okay. GoldenRing (talk) 22:00, 7 September 2022 (UTC)Reply[reply]

  @GoldenRing: "all functionaries must establish their real-world identities with the WMF" — this hasn't been the case for a long time (way back when I first got access to OTRS I had to send in a scan of my passport, but that was years ago...), "and sign the non-disclosure agreement" — this is the access to nonpublic personal data policy (the same thing the VRT folx sign), a topic which I muse on below — TheresNoTime (talk • she/her) 22:12, 7 September 2022 (UTC)Reply[reply]

  No, you aren't the best person to be doing so, and it would be the wrong move regardless. Black Kite (talk) 21:35, 7 September 2022 (UTC)Reply[reply]

  @GoldenRing first what I can/have to say as an editor and what I can/have to say as an arb are not the same. So playing the "stunned to see a current arb" card in a non-arb context is not my favorite and contributes to me feeling unable to be a part of the community in ways that are unpleasant for me - such as being able to participate in an RfC about policy that I care deeply about.

  But putting on my arb hat, the background here, which you may or may not be aware of, is Tamzin following the blocking policy, leveled an "appeal only to arbcom" block, and reported the evidence to ArbCom as the policy dictated. I had long been aware of the discrepancy Moneytree notes below between Admin and Blocking policies and that block spurred ArbCom to audit "appeal only to arbcom" blocks. Based on that audit, after consulting with functionaries, we updated previous guidance - written before there were OS blocks and before the Foundation had taken over child protection, in other words in a time where a lot of more "private evidence" blocks made sense that had lead to that appeal only to arbcom language being added to the blocking policy. That updated guidance spurred discussion between Tamzin and myself but mainly between Tamzin and L235 who ended up here. As an Arb I stand by everything in that updated guidance and reflects my current approach to any case requests we might get about the topic.

  But yes I also am respectful of the fact that the blocks so many find troubling are very common and have never resulted in a case request or other substantial issue raising suggesting, because policy is practice, and that regardless of my preference the community seems to have been OK with it despite what ADMIN said. Bottomline: I would love to get rid of the idea of those blocks and I would love for the discrepancy in what is allowed between the BLOCKing and ADMIN policies to be reconciled. Best, Barkeep49 (talk) 23:22, 7 September 2022 (UTC)Reply[reply]

  @Barkeep49: I'm sorry to put you in that position but I think it's unavoidable. We are talking here about what is apparently a widespread breach of very longstanding policy by a large group of admins (at least, one admin says it's widespread and a large group of admins) and it is your job as an arbitrator to reign that in. You are the only recourse the community has to stop administrators doing this. You issued guidance which you've linked above which explicitly says this is wrong. I don't see how you can realistically discuss this while pretending you're not an arbitrator; if arbcom is not willing to enforce policy against administrators here then where does that leave us? Why is the approach being taken here to propose a change to policy that would retrospectively make this policy breach okay rather than enforcing policy as written and your own guidance on that policy? I'm not usually one of the ones to moan about arbcom but I just don't get the approach here. GoldenRing (talk) 09:07, 8 September 2022 (UTC)Reply[reply]

  I think we have very different conceptions of what an arb can do. My belief is that the community has intentionally put a check on ArbCom's powers by making it a reactive rather than proactive body. So if I see something that is, in my view, a policy violation I can either file a case request, the same as any other editor, or I can hold that opinion and wait until the community decides to raise it with us. And yet in this very specific situation ArbCom did exactly what you wished for here and tried to get the community aligned on policy. We issued a statement about how private information should be handled which was directly based on 2 previous statements arbcom had done (in other words there was clear precedent). And what feedback did we receive? significantly exceeded its authority, an overreach of authority, and an unexpected, significant change to give examples of quotes from three different editors. There were also a couple supportive comments as well. But that statement is my current view, as an arb, about what is allowed under policy today. This, however, is a discussion of what policy should be. And so I feel entitled as a member of this community to comment the same as anyone else. And, as I keep having to point out, not even comment that I think it should pass which is why I haven't voted in favor of it. I'm not opposing it because I would love to get rid of the idea of those blocks and I would love for the discrepancy in what is allowed between the BLOCKing and ADMIN policies to be reconciled. and at minimum this does that even if it's not in my preferred way. But again that's me as an editor. If you want to know what I think as an arb about policy today, I already did what you asked, to criticism. Critism I'm willing to handle because that's what I volunteered for. I didn't volunteer to be told I no longer get to have opinions on how to improve our community. Best, Barkeep49 (talk) 13:39, 8 September 2022 (UTC)Reply[reply]

  @Barkeep49: Okay, I think I've been reading more into your comments than was there and I'm sorry for it. I'm afraid arbs could put their socks on in the morning and some would consider it an overreach of authority; I think that statement hits exactly the right note, FWIW. GoldenRing (talk) 16:34, 8 September 2022 (UTC)Reply[reply]

• Support and question why anything easily google-able is being considered private information for purposes of OUTING. If any editor can enter the article subject, connected parties or editors handle into a search engine and find the connection, it's not private. UPE is only getting worse and we need every tool available to shut them down quickly. Slywriter (talk) 14:49, 7 September 2022 (UTC)Reply[reply]

  Because OUTING is rightly very clear that only information an editor has voluntarily shared or linked to on-wiki is considered public. Every editor, even those suspected of undisclosed paid editing, is entitled to their privacy and we absolutely must not erode that. Thryduulf (talk) 16:45, 7 September 2022 (UTC)Reply[reply]

  The "voluntarily shared" part is the key here. Most people edit under a pseudonym. That's a public declaration that they have an on-wiki identify and an off-wiki identify and they desire the two to be kept separate. The fact that we may be able to pierce that veil with little trouble doesn't make it right to do so.

  In the real world, I have a cheap padlock on my garage door. Nobody intent on theft would need more than a moment to pop it open with tools available at any hardware store. The real purpose it serves is an unmistakable declaration that "The things behind this door belong to me and you're not allowed to enter without my permission". If somebody cut the lock and stole my bicycle, they wouldn't get very far in their criminal defense with, "It was a crappy lock; it hardly took any effort at all to get past it". -- RoySmith (talk) 19:40, 8 September 2022 (UTC)Reply[reply]

  Slywriter, to answer your question of why "easily google-able" things are considered private information for purposes of OUTING policy: We don't want routine wiki squabbles bleeding over into off-wiki harassment, because we don't want people's off-wiki lives being used as cannon fodder on wiki in routine squabbles, because editors in some parts of the world could be in danger of arrest or death for their on wiki work, and because we tend to highly value privacy as a general principal. So when some sanction or other official action involved off-wiki info, we require it to be handled in a confidential manner. The question here, as I understand it, is basically whether admins are permitted to act on the info or whether they need to pass it to a checkuser/oversighter/arb for possible action. Alsee (talk) 19:19, 8 September 2022 (UTC)Reply[reply]

  The point of "public" in Wikipedia is what is on Wikipedia, not the one on Google. Yes, what is on Google is public, but the Internet is limitless. While you think that it is okay for an admin to look up your username, is it okay to look up your email? Is it okay for an admin to look up Reddit and try to find similar username, and see what kind of subreddit you had subscribed? Is it okay for an admin to look at hacked databases (available in online as well!) to try to find a connection? The potential for overreach is endless. I don't want admins running amok doing fishing expeditions just to catch some paid editors. ✠ SunDawn ✠ (contact) 12:30, 16 September 2022 (UTC)Reply[reply]

• I'm a bit confused by the proposal and several support and oppose votes above; there seems to be a pretty fractured understanding of outing vs. pursuing UPE cases vs. disruptive offwiki behavior vs. public and non-public information vs. NDAs vs. etc. above. My main question, though, is the text at Wikipedia:Administrators#Special_situations that appears to approve these sort of blocks and contradicts BLOCKEVIDENCE per my reasoning here going to be changed as a result of this? Or will this just create more policy headaches? Or does this proposal and the text and ADMIN actually align in some way I'm not noticing? Moneytrees🏝️(Talk) 14:57, 7 September 2022 (UTC)Reply[reply]

  @Moneytrees: In answer to your ACN talk message, when I voted for the statement, I did so because the text at Wikipedia:Administrators#Special_situations appeared to be derived from ArbCom's prior statement, not as an independent expression of community policy/consensus. I therefore understood it to be within ArbCom's authority to change it. If this proposal passes, ADMIN will be harmonized to be consistent with it. Best, KevinL (aka L235 · t · c) 15:59, 7 September 2022 (UTC)Reply[reply]

  My thining behind the scenes is that I don't think ArbCom can directly change ADMIN policy. But it absolutely could update its statement and the community could decide how/if to incorporate that into ADMIN. And that's what happened in this situation and now here - this RfC is a reaction to that statement. Best, Barkeep49 (talk) 18:11, 7 September 2022 (UTC)Reply[reply]

• Oppose. Jayron32 nicely summed up my thoughts. Functionaries are supposed to handle nonpublic information, not admins. Strong oppose until legal is consulted: I agree with the above that this needs to be run through legal before we make this change. Better safe than sorry. Not sure where I land on the merits of the proposal. If/when legal gives the okay, I will strike my oppose. HouseBlaster^talk 16:33, 7 September 2022 (UTC) struck and replaced 01:19, 10 September 2022 (UTC)Reply[reply]

  See above ("WP:Wikimedia Foundation statement on paid editing and outing exists") ~ ToBeFree (talk) 18:26, 7 September 2022 (UTC)Reply[reply]

• I have the same feeling I get whenever there's a major proposal or change (on Wikipedia or in the rest of the world) involving a significant trade-off of privacy for security. There would be a lot of harm that could be prevented if we could connect an abusive user to their off-wiki identities, but there's also harm in removing those protections. Basically nothing to hide argument. I'd tend to oppose based on the reasons articulated in that article. — Rhododendrites ^talk \\ 17:27, 7 September 2022 (UTC)Reply[reply]
• Oppose for several reasons. First, I am also leary to advise any editor, including admins, to act as real-life investigators to try to dig up information about the real-life identity of Wikipedia users. The kind of un-intended consequences and knock-on effects of such advics is frankly scary; and where policies come into conflict (and policies always will) I tend to grant supremacy to WP:OUTING and privacy concerns over any other policy. On-wiki behavior should be (in most cases) all we should be basing our blocking decisions on; if off-wiki evidence is necessary, it should be turned over to Arbcom or T&S or someone else with advanced positions of trust. There is no way I expect the hundreds of admins to deal with such concerns adequately. I know that WP:UPE exists; but such concerns do not trump privacy concerns, which we should hold as sacrosanct. I am also against the deputizing of other admins to "handle" private information. Some functionaries are vetted and have approval to handle such information. Admins are not and I am not comfortable with that. If a private information must be used as evidence, pass it on to Arbcom or T&S and let them handle it. --Jayron32 17:34, 7 September 2022 (UTC)Reply[reply]
• Oppose on legal grounds, and this seems to be a massive overreach of Wikipedia's powers. Doesn't seem right to allow Wikipedia to pry into the personal life of users and use that information to interact with the user in any way.--Ortizesp (talk) 18:20, 7 September 2022 (UTC)Reply[reply]

  This doesn't change anything legally or otherwise wrt private evidence being used to block anyone or sanction them - it's just about who is privy to it. And until the foundation itself takes charge of their own legal terms and prohibitions (particularly UPE), that's how it will remain. PICKLEDICAE🥒 19:28, 7 September 2022 (UTC)Reply[reply]

  I'm sorry but that is just factually incorrect: under current rules no admins (who have not also been vetted for particular functionary roles reserved for this exact purpose, and signed agreements on the handling of such private information) are meant to be issuing blocks on the basis of off-project information. They are meant to exclusively forward that information to the Trust and Safety team, to ArbCom, or to the VTRS queue, not take direct action on it. That is precisely the reason Tamzin forwarded the proposal: because they think admins should have that ability. As is expressly stated in the prompt.. And yes, that system is very much entangled with the legal implications of the handling of such of information, as expressed by WMF legal and tghe Trust and Safety team, ArbCom, and other bodies with heightened authority, tools, and concerns in this area. So, without meaning offense, your statement is just plain wrong: this would be a radical departure from the existing community consensus, the existing framework for handling such information and legal considerations and interests for parties on all sides. SnowRise ^{let's rap} 20:42, 7 September 2022 (UTC)Reply[reply]

  re-read what I said. Nothing has changed legally or otherwise. PICKLEDICAE🥒 20:57, 7 September 2022 (UTC)Reply[reply]

  Well I guess its possible we are in fact talking past eachother here. But if you're saying that the proposal wouldn't change anything "legal or otherwise", that is quite clearly and massively incorrect. And if that's not what you mean, I'm not sure what you were trying to say in your response to the Ortizesp that would have been accurate. SnowRise ^{let's rap} 21:16, 7 September 2022 (UTC)Reply[reply]

  No; there is a disagreement about what "information that will not be made available to all administrators" means, and this is a proposal to clarify it in one specific direction. As a minimum result of this discussion, the wording should be changed to match the actual consensus in a less ambiguous way. Interestingly, even those opposed to the proposal could perhaps agree on the proposed term "information to which not all administrators have access", which is much clearer. ~ ToBeFree (talk) 20:58, 7 September 2022 (UTC)Reply[reply]

  I do tend to agree that any clarity resulting from the discussion can be viewed as good cause for having it. That said: a) this discussion is clearly about more than just how the information would be shared, as it also proposes to allow admins to make blocks in circumstances they are currently proscribed from, and would either tacitly or expressly allow them more latitude in tracking down editor identities off project in a manner they (like all other community members) are presently not meant to be doing; and b) even putting all of that aside, the system of logging such personal information as proposed would itself be a change of truly staggering policy and legal implications for the project and the WMF. SnowRise ^{let's rap} 21:16, 7 September 2022 (UTC)Reply[reply]

  "in circumstances they are currently proscribed from", according to your interpretation of the current wording. Not according to others'. This is because some interpret "information that will not be made available to all administrators" as meaning "information that will not be made available to any requesting administrator via e-mail request". You don't, some do. ~ ToBeFree (talk) 21:33, 7 September 2022 (UTC)rReply[reply]

  I don't think there is much ambiguity at all, when we consider that the other hald of that sentence, which follows the highly selectively-quoted clause that keeps getting foessed around here says "that information should be sent to the Arbitration Committee or a checkuser or oversighter for action. These editors are qualified to handle non-public evidence, and they operate under strict controls. The community has rejected the idea of individual administrators acting on evidence that cannot be peer-reviewed." That pretty much says it all: blocks based on non-public evidence are specifically and expressly meant to be handled by particular functionaries operating under a higher standard of controls and safety protocols, and this system exists expressly to foreground the privacy and security of our volunteers. I just simply do not see the flex in that wording you suggest is there.

  The WP:OUTING policy also converges on this wording, and there is absolutely no question what ArbCom thinks on the matter. But even if we were to confine ourselves to looking at the exact wording of that one sentence in WP:BLOCKEVIDENCE in isolation, I don't see how any reasonable reading could hold that the major concern is that there was until now not a system for logging that information, since clearly that has always been a trivial technical hurdle. The overwhelming concern meant to be voiced by that language (which becomes clear when you quote the entire sentence and not just five fragmentary words from it), is for the protection of the privacy and safety of our volunteers. It's so obvious in how it is framed when read in full that I don't think anyone can really reasonably take another meaning unless they went looking for it from the outset.

  Which is clearly also what is going on with the supposed "open to interpretation" argument of the ArbCom ruling, since, if the OP really wanted to get to the bottom of that question, a simple request to the committee would have sufficed. It's pretty clear the answer is taken for obvious, hence the strategy here of instead trying to drum up community opposition to ArbCom's read on the issue, which (yes, in my opinion here) is much more consistent with policy, existing community consensus, and common sense, since the knock-on effects of the altenartive proposed here would be nothing short of vitiating of our current privacy standards. SnowRise ^{let's rap} 22:30, 7 September 2022 (UTC)Reply[reply]

  Hi @Snow Rise. I am a co-proposer of this RfC and am also on ArbCom and voted for the statement you're quoting from. Speaking personally, I think policy as written does not currently allow these blocks, but I absolutely think the community has come to accept them – it is the prevailing practice. I think you overstate it when you say that It's so obvious and one can't reasonably take another meaning. You may not agree with the interpretation, as I don't, but it's certainly not unreasonable. Best, KevinL (aka L235 · t · c) 22:35, 7 September 2022 (UTC)Reply[reply]

  @L235 I agree that there's been no objection (well, previous to this discussion), but I'm not sure that's the same as acceptance. It may simply be that most people are unaware that these kinds of off-wiki investigations are going on. -- RoySmith (talk) 23:39, 7 September 2022 (UTC)Reply[reply]

  Fair enough--I don't want to seem to be begging the question here. And insofar as the proposal was co-drafted in the fashion it was, it supports a "reasonable minds may differ" take on this. But I do think the argument in advance of the proposition in support of such acitivity does lean awfully heavily on selective quoting (and to some extent perhaps even willfully missing the forest for the trees), in order to validate a behavior/self-assumed authority that is already being engaged in. Obviously any admin already undetaking such blocks and wanting to persist in that habit has a vested interest in a certain interpretation here, whatever policy actually says.

  And even making all possible caveats for good faith differences of opinion, I still feel it is pretty clear from both the express wording of the relevant policies (and the long course of community discussion surrounding them) that the primary concern voiced in BLOCKEVIDENCE is the protection of volunteer privacy and safety. The lack of an existing system to store personal information in order to facilitate blocks by admins in cases of off-project evidence is not just some highly improbable failure of the community to realize that a log could be created for this purpose: the current system exists (and eschews the collection of personal information in this way) expressly and specifically to avoid having the typical admin (or more precisely, anyone who does not operate under the heightened protection and accountability scheme for dealing with private information) behaving in such a fashion--with regard to both the block and the personally-impelled investigations.

  And I don't think I'm the only non-mop veteran community member here who is rather shocked to learn how presumptuos certain admins have become with regard to this kind of thing. If they have in fact been engaging in this activity, I feel not the least bit conflicted in saying it is not because the community has ever greenlit such activity or in any way has voiced support for such a role as part and parcel of the administrative tools. Quite the contrary: this is a major overeeach in defiance of longstanding community principles, and I feel it needs to be made to stop with regard to any admin who thinks it is within their purview. But then, I assume that is precisely the reason you co-endorsed the RfC itself and that I am preaching to the choir on this. SnowRise ^{let's rap} 00:26, 8 September 2022 (UTC)Reply[reply]

  I'm a mop-holder and I'm shocked to learn that these sorts of blocks are being made. My understanding is that they are not allowed - the fact that we've site banned folks in the past for doing opposition research or doxxing kinda made me understand that doing that was not allowed, so I never would have considered that an admin would be doing blocks based on behavior that we've site banned folks for. I'm .. rather shocked at the people saying that it's common - and that there aren't ArbCom cases happening because of these blocks. Ealdgyth (talk) 13:05, 8 September 2022 (UTC)Reply[reply]

• Comment: There's a lot of mentions here of VRT (in regards to "admins shouldn't deal with personal data, but VRT can") — it may be worth noting that the barrier for entry to VRT is much much much lower than our RfA standards. I'm fairly sure any en.wiki admin making a request for VRT access would likely be granted it, which seems to suggest the issues being raised here are more due to the fact that admins have not signed something like the VRTS Users Confidentiality Agreement - Nonpublic Information (which, I believe, anyone can just go and sign?) and less a question of trust/over-reach. Would those opposing this change their mind if we asked admins who wished to do these sorts of blocks to sign such a document? — TheresNoTime (talk • she/her) 21:53, 7 September 2022 (UTC)Reply[reply]

  @TheresNoTime: There are VRT queues only accessible to functionaries (e.g. paid-en-wp@wikimedia.org and checkuser-en-wpwikipedia.org), which is where nonpublic evidence of misconduct is currently supposed to be sent. If I understand the proposal correctly, the new queue for off-wiki block evidence would be similarly restricted. Regular VRT users do sign the same agreements that functionaries do, but it's not the agreement alone that makes someone 'trusted' to handle nonpublic data. It's the prior vetting, peer review, oversight from ArbCom/OmCom/T&S, etc. – Joe (talk) 06:18, 8 September 2022 (UTC)Reply[reply]

  Everyone using the VRT system handles nonpublic data. You can't really run an e-mail-based system without trusting people to handle the nonpublic e-mail addresses that the messages come from. WhatamIdoing (talk) 19:53, 12 September 2022 (UTC)Reply[reply]

• Oppose per SnowRise, GoldenRing, and JoeRoe. I do not want admins to go playing Private Investigator and am vehemently opposed to the idea that we start keeping data on the folks doxxed in this manner (because, frankly, that's what's happening - the editors are being investigated and then their information is being shared with others ... doxxing.) I am trying to AGF that those supporting this don't really support holding secret files of evidence on editors that get shared around but... Ealdgyth (talk) 22:46, 7 September 2022 (UTC)Reply[reply]
• Oppose Having witnessed off-site material be used to improperly block users under alternative pretenses, this will only embolden admins with good intentions to make unfortunate mistakes. That said, I appreciate the general concept of this proposal. ~ Pbritti (talk) 23:56, 7 September 2022 (UTC)Reply[reply]
• Oppose per the above arugments. This would be a slippery slope towards invasions of privacy and administrator overreach. ~Darth Stabro^{Talk/Contribs} 00:38, 8 September 2022 (UTC)Reply[reply]
• Oppose per SnowRise et al. Like others, I had no idea this was going on, and would have objected if I had known. I'm less concerned about people Googling people than I am about admins blocking editors unilaterally based on off-wiki evidence (whether it's public or private off-wiki evidence). If the evidence, for whatever reason, can't be posted on-wiki, then it needs to be sent to paid@ or arbcom@ or whomever, for further action. Recently I sent a report to paid@ and arbcom@ with what I thought was slam-dunk off-wiki evidence. A CU checked it, and after a discussion with the editor in question, determined that there were in fact no policy violations. Shortly thereafter, an arb granted the editor autopatrolled. Clearly, I was wrong, and there was more information than whatever evidence I had. If I had been an admin and had blocked that editor, it would have been a seriously harmful mistake, possibly driving off a good-faith editor, even if it was later overturned. We are all capable of making mistakes; sharing evidence on-wiki, or sharing it via email if it's off-wiki evidence, ensures that there are checks and balances, that it's not just one individual acting unilaterally. Levivich^😃 01:15, 8 September 2022 (UTC)Reply[reply]
• Oppose, encouraging admins to essentially stalk people off-wiki is not the way to go about things. Such behaviour is a total violation of privacy, and to my mind has the potential to be very creepy. Take an admin stalking an editors' social media for example, under this proposal this hypothetical admin would be able to explain away their behaviour if accused by stating they were merely "looking for evidence" on whether they should perform a block, and indeed this adminwould be able to doxx the editor by storing their personal information in this proposed archive without any method for this doxxing to be undone, since it would have to be maintained indefinitely so the admin could hoof it around to any other admin who wants it in order to explain their block. There is already a way to block editors for off-wiki behaviour, and I have yet to see any evidence that it is not working, only that it's not working as fast as some people would like. Devonian Wombat (talk) 01:27, 8 September 2022 (UTC)Reply[reply]

  This - there is a way to block people for this behavior already. If it ain't broke... ~Darth Stabro^{Talk/Contribs} 03:31, 8 September 2022 (UTC)Reply[reply]

  The status quo is in fact that non-CU admins make those blocks. Prohibiting those blocks may well make it broke. Best, KevinL (aka L235 · t · c) 02:07, 9 September 2022 (UTC)Reply[reply]

• Strong Oppose, mainly for reasons that SnowRise mentioned, as well as legal issues Re GDPR that WMF Legal should probably look into. While this does not go against the letter of WP:DOX "Posting another editor's personal information is harassment, unless that person has voluntarily posted their own information, or links to such information, on Wikipedia." - certainly measures against it ae re being discussed, but it seems like a slippery slope. Maximilian775 (talk) 02:31, 8 September 2022 (UTC)Reply[reply]
• Oppose. Ordinary admins with negative off-wiki evidence about an editor should pass it up the tree. They shouldn't act on it themselves. The proposal that any other admin has the right of access to the information is especially preposterous. If this isn't already clear in policy then it should be made clear. Zero^talk 03:44, 8 September 2022 (UTC)Reply[reply]
• Oppose per Snow Rise et al. I think this is something most rank-and-file editors would not be comfortable with. LEPRICAVARK (talk) 04:23, 8 September 2022 (UTC)Reply[reply]
• Oppose in parts, support in parts. When once upon a time we elected our functionaries, and the level of support required to gain either CU or OS was far above what it would take to pass RFA, then sure I could see a substantive difference in the level of trust granted to admins by the community and the level of trust granted to functionaries. I suppose I still kinda see that for the functionaries that are that due to their ACE elections, but Tamzin is right that all that really means is that you finished in the top 8 out of 12 people running or so, so I dont even really get the distinction between an arb elected in 2012 and an admin elected in 2021 in terms of level of trust the community has given them. If the functional difference is having agreed to the privacy policy, well as far as I can tell the the Access to nonpublic personal data Policy is about CU data and material that has been oversighted, but also you can just have people sign that agreement as TNT noted above. I dont like the idea that any admin can request that information from an admin who made a block based on off-wiki evidence, but I dont especially have a problem with the scenario outlined above in which say for example somebody's upwork profile provides DUCK level proof of UPE violations and making a block. But the evidence should be sent to whichever group of admins an appeal of such a block would be directed, OS, CU, ArbCom, whatever. It does not need to be spread as widely as "any active admin". So I oppose the sentence on the evidence should be provided to any uninvolved admin, and instead would favor any block issued on the basis of off-site evidence have its evidence forwarded to an appropriate team with advanced permissions so that they may review it, either as the result of an appeal or just as peer-review. And like CU or OS blocks, if there is evidence of an admin going rogue with their blocks, then AC may desysop that admin or restrict them from making such blocks by motion, like they would strip CU or OS from a functionary that was misusing it. nableezy - 16:25, 8 September 2022 (UTC)Reply[reply]
• That's treading into dangerous territory if you hide evidence. I'd prefer to have this go to an ArbCom type forum, so the evidence can be reviewed and noted; a closed courtroom where the evidence is discussed but only given to those who need to make the decision, preferably the ArbCom people would be otherwise uninvolved in the block decision. We have to keep this as neutral as possible.Oaktree b (talk) 01:36, 9 September 2022 (UTC)Reply[reply]
• Oppose. I'm in a weird headspace where I am not convinced the process proposed by the RfC is necesssary, but I am also unconvinced it is necessary for the community to clarify that it is unacceptable for admins to make many blocks they already make (quoting L235 above). My interpretation of WP:BLOCKEVIDENCE as currently written is as follows. Administrators may only justify blocks using on-wiki evidence that any administrator has the technical ability to see (including deleted revisions, private edit filter logs, etc.). If a block cannot be justified using on-wiki evidence alone, then that block would be impermissible unless the user is a checkuser, oversighter, or arbitrator acting within the bounds of their respective roles and responsibilities. The community has never allowed non-functionary administrators to block editors based primarily on off-wiki/private information.
  The key word, however, is primarily. The RfC essentially makes the claim that this policy is too restrictive and that it would require many "routine" spam and sockpuppetry blocks to go to ArbCom or the CU team. That's where I disagree. It's not uncommon to find cases where there is additional off-wiki evidence that the blocking administrator might be aware of (and could be helpful additional information that could be provided on request to administrators reviewing a block), but in the wide majority of these cases, the block could nonetheless be justified just with the on-wiki evidence. Consider one of Tamzin's examples above in which A user recreated an article on a non-notable person, which had been deleted several times in the past. Repeatedly attempting to create an article about an obscure non-notable topic inherently suggests some kind of connection to past socks that tried the same thing; while I'm not familiar with the exact context here, I strongly suspect the block would have been justifiable based on the on-wiki evidence alone (sure, the justification wouldn't have been as strong, but there would have at least been a plausible argument nonetheless). That's the key here. Contacting a checkuser, an oversighter, or an arbitrator would only be necessary if an editor needs to be blocked based on private evidence and a block cannot be justified without that private evidence.
  The one pesky policy section that is admittedly confusing is WP:ADMIN#Special situations. I wrote at the ACN discussion that triggered this RfC that I don't see that section as necessarily irreconcilable with BLOCKEVIDENCE as currently worded—but I do wish this RfC were more about clarifying that section (which appears to have been added unilaterally in 2012) rather than BLOCKEVIDENCE. Mz7 (talk) 10:31, 9 September 2022 (UTC)Reply[reply]

  I think this is a reasonable way to look at the current policy. I just ran into this with my block of Quintin-Mills: His one edit was spammy enough to bring it into the discretionary range between warn and block, but what tipped me in the direction of blocking was a statement he made in a global rename request. With this RfC in mind, I referenced that as additional evidence in the block rationale, but did not make it the primary reason, as I think most admins will agree that Special:DeletedContributions/Quintin-Mills falls within admin discretion to block over. -- Tamzin^{[cetacean needed]} (she|they|xe) 22:16, 9 September 2022 (UTC)Reply[reply]

• Oppose Nobody should be blocked on evidence which is not available to the Community at large or which cannot be revealed pursuant to a WP:ADMINCOND request. If anyone thinks they possess offwiki evidence that merits a block they should notify the target and open an ArbCom case in which the target can make representations (if necessary by email). For the same reason, the work to mask IP addresses should be stopped dead in its tracks. The damage that this will do to editors fighting vandalism will be incalculable. 2A00:23A8:4C31:5901:9580:C3C4:6DB1:AE40 (talk) 17:14, 9 September 2022 (UTC)Reply[reply]
• @Tamzin:, back at WT:ACN, you wrote The community's consensus is that admins may issue blocks based on private evidence.... Was there a formal discussion you can link to out of which said consensus emerged, or were you using the term in the more informal sense of "We've been doing it that way for a long time and nobody objected"? -- RoySmith (talk) 21:59, 9 September 2022 (UTC)Reply[reply]

  @RoySmith: I was referring to the consensus behind the current will be made available to wording, and the implicit consensus to not have that say is available to. -- Tamzin^{[cetacean needed]} (she|they|xe) 22:16, 9 September 2022 (UTC)Reply[reply]

• Oppose If I'm reading this correctly it creates some new responsibilities that I'm not liking: (1) The sitting ArbCom must maintain an indefinite library of these evidences (2) The sitting ArbCom must maintain a process to produce this evidence to any admin on demand. Well, what are you going to do if arbcom doesn't turn up a volunteer to do this? Creating an indefintite responsibility to future volunteers is a bad idea. — xaosflux ^Talk 22:42, 9 September 2022 (UTC)Reply[reply]
• Oppose. The only people who should be judging others on/have access to non-public evidence should be those that have signed the Wikipedia:Access to nonpublic information policy. Also, ArbCom is elected on behalf of the community specifically to oversee cases such as these that are not amenable to public review. WP:BLOCKEVIDENCE is fine as-is. If a block is based on evidence that would be WP:OVERSIGHTED if published on Wiki, someone who has WP:OVERSIGHT permissions should be in charge of these blocks. The real issue for me it seems is that our existing policies are not being enforced. Chess (talk) (please use {{reply to|Chess}} on reply) 03:03, 10 September 2022 (UTC)Reply[reply]
• Support for LTA cases/cases where off-wiki harassment is part of the case, not simply for seeing what else we can find: There should be stringent reasoning behind an administrator choosing to investigate a user's off-wiki activities – either off-wiki conduct is part of the problem, or a user's abusive behaviour is part of a dangerous and wider trend of how they conduct themselves online (as in, LTA cases where "this user may stalk you/send you death threats" has to be added to the LTA case file). Investigating off-wiki behaviour should be unsuitable in the vast majority of cases, but I can see times when it will probably be necessary. In these cases, there needs to be more of a record than "this administrator found it and this administrator saw it too"; having it entered into record somewhere hopefully makes it a more accountable process.--Ineffablebookkeeper (talk) ({{ping}} me!) 13:04, 10 September 2022 (UTC)Reply[reply]

  It seems like you're saying that someone who lives with a very real Wiki-generated threat would benefit by having any admin who requests it be given access to detail which could further endanger the stalked person like, say, information in police records. What if the off-Wiki harassment is from an individual who was an admin? What if the admin who issues a block happens to be an ex-arb? The forced disclosure in this wording would still apply; would it not obligate them to disclose personal information (that could endanger the threatened editor) to any admin who is curious about what looks like an odd block, but has signed no confidentiality agreement? The wording of this proposal was perchance conceived to try to address the (relatively less real, 'cuz nobody dies) problem of paid editing, without full consideration to situations of more consequence than someone getting their company promoted on the internet. Not one of the three examples applies to real-life real threats that happen to Wikipedia editors. Perspective, priorities, and reality check, pls. Obviously, I oppose the wording as written, and in fact, would consider the whole matter should probably be reviewed by someone at legal should it advance, because the alarming repercussions to real people in real life if confidential information, revealed to arbs, ends up revealed to any 65% threshhold admin who has not signed a confidentiality agreement and was not elected is dangerous in real ways ... SandyGeorgia (Talk) 17:40, 22 September 2022 (UTC)Reply[reply]

• Oppose per Ealdgyth et al. I am shocked to learn that an admin (or many) has been doing the off-wiki investigation the opening statement seems to indicate; surely this is contrary to all our privacy values. Happy days ~ Lindsay^Hello 20:59, 10 September 2022 (UTC)Reply[reply]
• Oppose. I am uneasy that private information might be passed around among people who have not signed up to the WMF access to non public information agreement. There is already a dedicated VRT/functionaries email address for issues concerning undisclosed paid editing so it is not necessary to do this. --Malcolmxl5 (talk) 22:12, 10 September 2022 (UTC)Reply[reply]
• Hell no. Administrators should never be blocking users based on "nonpublic evidence". Ever. Any "standard" admin actions must be backed up by public evidence. If the evidence can't be posted on-wiki for whatever reason (and it better be a legal reason or a significant privacy concern, nothing else) the action(s) in question need to be carried out by the Arbitration Committee (for local matters) or the WMF Office (for global matters). And frankly, for ArbCom matters, unless the user being sanctioned is an administrator or otherwise in some sort of higher capacity, the action should really just be a quiet {{ArbComBlock}} without a public motion or noticeboard posting. If you can't publicly share the evidence, don't make a public announcement about the fact that you can't share the evidence. But to be clear, this should only be done in cases where the evidence can't be shared for legal or privacy reasons, not just because admins don't feel like sharing it publicly for whatever reason. I see way too much of "I'm not going to share the evidence publicly because the sanctioned user will use it to evade detection next time" (especially in sock puppetry cases but also elsewhere too). This makes it impossible for someone to defend themselves. While we may not be a court of law, we still need to act in the interest of fairness. Refusing to provide the evidence to the accused and to possible witnesses or outside third parties makes it literally impossible for the accused to prove that they are in fact innocent (even cases of serious harassment can be mistaken; there was once a case on a now-defunct community website that I used to administrate where someone pulled off the most elaborate joe job that I have ever seen, and managed to get a completely innocent user blocked for making death threats (among other things) when it was in fact the user that reported the harassment who was doing the harassing. Fortunately in that circumstance the situation was swiftly corrected, but I worry that such a situation here on enwiki would not be. I realize that this is a bit of an off topic tangent, but this is an issue that continues to weigh heavily on me and one that I feel strongly about. The long and short of it is that if an editor needs to be blocked for some reason that cannot be stated on wiki, that block must be carried out either by ArbCom or the WMF Office. No exceptions. No regular admin should be acting in their regular capacity and blocking users based on nonpublic evidence of any kind. If there is a situation (alluded to above) where there is both on-wiki evidence and supplemental off-wiki evidence, block only based on the on-wiki evidence and don't even publicly mention the off-wiki evidence. If you can't discuss it publicly, don't mention it publicly. The end. And if the evidence does not violate any privacy or other laws, it must be stated publicly and all of this becomes moot. Evidence must only be kept private if there is a legal reason or a significant privacy reason to do so - not just because an admin feels like it. Taking Out The Trash (talk) 02:46, 11 September 2022 (UTC)Reply[reply]
• I don't want individual sysops making this call based on fishing expeditions, but I do think we need a lightweight process in which three or four of our more experienced sysops can reach a quick decision where there's need. An AN/I thread would be an appropriate venue.—S Marshall T/C 23:27, 11 September 2022 (UTC)Reply[reply]

  ...And, a block by an individual sysop with "email me for the evidence" is way, way, way out of line. If Arbcom became aware of that ever happening, I'd look to them for a prompt and summary desysopping of the blocker.—S Marshall T/C 23:37, 11 September 2022 (UTC)Reply[reply]

• Support I think the problem of UPE is significant enough that additional tools are needed to combat it. I would support the idea of requiring more than one administrator to concur in the block, to prevent abuse. It seems pretty ridiculous that we can't use things like LinkedIn to identify bad-faith editors. Calliopejen1 (talk) 18:45, 14 September 2022 (UTC)Reply[reply]

  @Calliopejen1: We can, you just need to send it to a functionary or ArbCom for action, preferably via paid-en-wp@wikimedia.org. – Joe (talk) 07:06, 16 September 2022 (UTC)Reply[reply]

• Oppose per Snow Rise. This is clearly outside the remit of admin. What is outside en.wiki should stay outside. We elect admins to clean things up in Wikipedia, not to run checks on people based on off-wiki information. In my opinion, attempts to connect real world identity to editor name is a clear overreach of power and a blatant invasion of privacy. I could be a known criminal in my real life, but in the event I got investigated for my on-wiki conduct, my real life should not affect my on-wiki investigation. My off-wiki conduct should never "poison" any investigation on my on-wiki conduct.

And we are talking about non-public information that can't be shared. Yes, the information would be shared among admins. But who will guarantee that the information would not be kept securely? Who would guarantee that the admins would not spread the information off-wiki? Are all admins privy to the information? Will the information be destroyed after a certain time? Who would guarantee that the admin judging the case will be fair and unbiased with the evidence off-wiki?. Will some people with WP:UPE get away because of this? Absolutely. But protecting the privacy of many is more important than attempting to stop a small number of bad actors.Admins should not be doing "fishing expeditions" through Google to block someone. If the on-wiki evidence is not enough to "convict" someone, the editor should not be blocked - just like real life. — Preceding unsigned comment added by SunDawn (talk • contribs) 12:23, 16 September 2022 (UTC)Reply[reply]

• Oppose Personally I would strip the whole section out of the policy and refer all blocks related to off-wiki evidence to ArbCom/functionaries. It made sense in the mid-2000s but not now. --Rschen7754 05:15, 17 September 2022 (UTC)Reply[reply]
• Oppose per SnowRise and others. This is highly inappropriate and, IMO, carries real risks of abuse. Blocks should occur for on-wiki actions due to on-wiki evidence. --SilverTiger12 (talk) 00:25, 18 September 2022 (UTC)Reply[reply]
• 'Support' - administrators are already permitted to speedy delete pages and block users based on the deleted content. This means that they are trusted to take administrative action based on information visible only to admins. The only question is how to ensure that an admin who becomes unavailable can still make sure that other admins can still know the facts behind it. The use of informing ArbCom is intended to solve this problem, and informing them before they take action is to deal with the highly unlikely situation that an admin drops dead immediately after blocking. Animal lover |666| 17:40, 18 September 2022 (UTC)Reply[reply]

  Deleted pages or contents are not off-wiki evidence. Those are still available to all admins, as they are on-wiki. The problem with this new policy is that off-wiki evidence, such as Google searches or LinkedIn pages, that are only available to some admins, will be allowed to be used as an evidence against you. There is no debate about whether on-wiki evidence can be used or not, the debate is about off-wiki evidence. ✠ SunDawn ✠ (contact) 11:38, 19 September 2022 (UTC)Reply[reply]

• Oppose per Rschen7754. Typically people digging around off-wiki is not a good thing, and on-wiki evidence for the block is substantially stronger. I understand the allure of private block evidence, but I don't think it is a direction we should head as a community. TonyBallioni (talk) 17:50, 18 September 2022 (UTC)Reply[reply]
  • Also, since this was asked by Kevin: my interpretation of the current policy is that blocks by administrators based on off-wiki evidence that cannot be reviewed on-wiki are prohibited in virtually all circumstances. I think Salvio giuliano and Thryduulf sum it up better than I could. My interpretation of the wording The community has rejected the idea of individual administrators acting on evidence that cannot be peer-reviewed is that it requires public peer-review unless a user is making a block in their capacity as a CheckUser or Oversighter. The historical reason for allowing private evidence ArbCom-only blocks had to deal with child protection. That's been handed over to T&S now. TonyBallioni (talk) 18:03, 18 September 2022 (UTC)Reply[reply]
• Strong Oppose -- the community did not like the whole Fram affair, and whatever exactly happened is still unknown to us. This sounds many times worse. Also, it seems to fly in the face of due process. Can the accused access the evidence that the administrator is using to justify their action? While Wikipedia is not obligated to provide due process, it is, nonetheless, fundamental that everyone have their say and the right to defend themselves. I've seen and experienced how badly social media sites (such as Facebook and Twitter) fail at providing people an adequate defense to challenge blocks, I'd rather not see Wikipedia fall down that same path. --Rockstone^{Send me a message!} 08:09, 19 September 2022 (UTC)Reply[reply]
• Oppose. If a block must be done for non-public evidence, it should be by ArbCom, not as a standard admin action. Perhaps we could consider a process to make it easier to ask for such blocks from ArbCom or functionaries instead. Regards, User:TheDragonFire300. (Contact me | Contributions). 09:47, 22 September 2022 (UTC)Reply[reply]
• Oppose, and I would urge Tamzin (and others doing the same) to cease making such blocks and to instead follow actual policy, even if that means some extra red tape or the occasional spammer not being blocked immediately. Continuing to make such blocks should be grounds for a desysop. If selective reading of policies seemed to condone such blocks based on off-wiki hunting, then the policy needs to be made clearer: but it looks as if the policy was clear enough already, and some admins just didn't read the whole policy, only the bits they wanted to see. Fram (talk) 10:31, 22 September 2022 (UTC)Reply[reply]
• I've commented substantively in this RfC so I am clearly not uninvolved. But in reading over the discussion I think there is a consensus to be had. It's not consensus for what was proposed by Tamzin and L235 but there is a consensus none-the-less and I hope that whoever closes this discussion will note that consensus so relevant policy pages can be updated. Best, Barkeep49 (talk) 21:46, 22 September 2022 (UTC)Reply[reply]

  I agree with this reading of the discussion. Best, KevinL (aka L235 · t · c) 21:55, 22 September 2022 (UTC)Reply[reply]