WMF hands out private info to unscreened strangers: OTRS

[Flip Flopped]

I just rub people the wrong way, usually those who want to push their own POV and don't want anyone interfering in that like TDK. With the unfortunate demise of the other site, hopefully more will refocus back on this one and WPO. There is still a lot on the WMF sites to be criticized, not the least of which is the WMF's incompetence.

Just look at the whole thing with INeverCry. He was an admin, who created a sock that became an admin and was an OTRS member for a while. For those who aren't familiar, getting OTRS access requires approval and vetting by the WMF. So the fact that a sock was able to show their real identity (or at least a good fake one) and get access to OTRS and be an admin highlights the WMF's incompetence (just for clarity I liked INC and I think they did a lot of good work, on Commons especially. Banning them helps Hasten the day).

What? I never heard any of that about INeverCry. Holy Toledo. He became an admin then created a sock and became an admin with a second account. Which account became the OTRS member? What kind of proof of identity did he send the WMF for his OTRS role? We all knew the WMF would accept fake credentials for these trusted roles handling private information with legal implications, but this is the first I've heard of what might be actual bogus credentials being used.

I bet their screening procedures for all the ArbComs in different languages is just as much of a farce.

[Kumioko]

Yeah that pretty much sums it up. The sock account was Daphne Lantier as seen here: https://commons.wikimedia.org/wiki/User:Daphne_Lantier and that was the account that had OTRS access. Now having said that INC had OTRS access in the past as well, so it begs the question, if the WMF verified that both were who they said they were, then how were they both allowed to use the same identity and no one at that point noticed they were a sock of another editor.

[Flip Flopped]

Yeah that pretty much sums it up. The sock account was Daphne Lantier as seen here: https://commons.wikimedia.org/wiki/User:Daphne_Lantier and that was the account that had OTRS access. Now having said that INC had OTRS access in the past as well, so it begs the question, if the WMF verified that both were who they said they were, then how were they both allowed to use the same identity and no one at that point noticed they were a sock of another editor.

Wow. That does make it even worse.

I have to add that I always have had a good impression of INeverCry. I hope his behaviour was authentically well-intentioned, but these developments inevitably raise many questions.

When did this all come out, Kumi? How did people find out about it?

[Kumioko]

I have suspected it since about this time last year and others such as Nick have probably suspected it since around the same time. The 2 share such a close pattern of editing and style it's really pretty obvious IMO.

It just became a big deal in the last month or so though. Somewhere around the end of July.

So first off, here is the link to where they were added as an OTRS member: https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions/2017-05#add_global_OTRS_member_for_Daphne_Lantier

Now I could be wrong, but as I understand the process, when they send the email requesting to be added, they are vetted by someone at the WMF and then approval is given and they are added. This may not happen like it's suppose to though and the WMF may leave that to volunteers but IMO due to the sensitivity of the OTRS data and the impact it can have, they really shouldn't be doing that if that is the case.

Here are some of the details about the socking, Desysopping and bans:
- ENWP Sockpuppet investigation confirmed here by Courceles August 11: https://en.wikipedia.org/w/index.php?title=Wikipedia:Sockpuppet_investigations/INeverCry&diff=794951533&oldid=794807699
--Note: I personally do not have any respect for Courcelles, their abilities or the Checkuser tool, so to me this is hardly "evidence" but it was what started the ball rolling.
- Desysop on Commons Started August 18 here: https://commons.wikimedia.org/wiki/Commons:Administrators/Requests/Daphne_Lantier_(desysop)
- Then INC/Daphne went on a vandalism spree on Commons. Really once they started making threats and accusations, regardless of merit, INC knew it was over.

I didn't add links to the blocks and there are a couple of AN type discussions and some discussion on Meta as well as IRC (which obviously cannot be linked) too.

[Graaf Statler]

The WMF projects at it's best. Assuming good faith (AGF) is a fundamental principle on Wikipedia. Without any screening, without any checking if private info is stored in a correct way, yes, this is the project of the future!
And the drama is, people are thinking they have to do with a solide organisation, and they gave there private date in good faith to them. But the plane true is, their date is absolute not save there!

But, we all know WMF and it's projects are above every rule and law. So, they can do whatever they want.

[Kumioko]

I think it's funny how WPO didn't pick up on this until someone from here pointed them to it. You're slipping WPO!

I also think it's funny that ole' Greg K said my statements need to be verified and people are saying they cannot find a source for my claim that Daphne/INC was on OTRS when the links are right here! Maybe Greg needs to start checking the facts before making unsubstantiated claims.

[Flip Flopped]

I have suspected it since about this time last year and others such as Nick have probably suspected it since around the same time. The 2 share such a close pattern of editing and style it's really pretty obvious IMO.

It just became a big deal in the last month or so though. Somewhere around the end of July.

So first off, here is the link to where they were added as an OTRS member: https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions/2017-05#add_global_OTRS_member_for_Daphne_Lantier

Now I could be wrong, but as I understand the process, when they send the email requesting to be added, they are vetted by someone at the WMF and then approval is given and they are added. This may not happen like it's suppose to though and the WMF may leave that to volunteers but IMO due to the sensitivity of the OTRS data and the impact it can have, they really shouldn't be doing that if that is the case.

Here are some of the details about the socking, Desysopping and bans:
- ENWP Sockpuppet investigation confirmed here by Courceles August 11: https://en.wikipedia.org/w/index.php?title=Wikipedia:Sockpuppet_investigations/INeverCry&diff=794951533&oldid=794807699
--Note: I personally do not have any respect for Courcelles, their abilities or the Checkuser tool, so to me this is hardly "evidence" but it was what started the ball rolling.
- Desysop on Commons Started August 18 here: https://commons.wikimedia.org/wiki/Commons:Administrators/Requests/Daphne_Lantier_(desysop)
- Then INC/Daphne went on a vandalism spree on Commons. Really once they started making threats and accusations, regardless of merit, INC knew it was over.

I didn't add links to the blocks and there are a couple of AN type discussions and some discussion on Meta as well as IRC (which obviously cannot be linked) too.

Holy cow. This is wild, and so recent.

Wasn't it hypothesized that the WMF would accept a scan of any drivers' license as long as the name matched whoever you claimed to be (your brother, uncle, etc.)?

[Flip Flopped]

The WMF projects at it's best. Assuming good faith (AGF) is a fundamental principle on Wikipedia. Without any screening, without any checking if private info is stored in a correct way, yes, this is the project of the future!
And the drama is, people are thinking they have to do with a solide organisation, and they gave there private date in good faith to them. But the plane true is, their date is absolute not save there!

But, we all know WMF and it's projects are above every rule and law. So, they can do whatever they want.

I love the part where children may be handling users' private data and the private data of living people (like celebrities) who might have biographies on Wikipedia. All a kid has to do is lie about their age and name, then scan an adult family member's drivers license or birth certificate. It's hard to sue kids; you end up having to sue their parents sometimes.

[Kumioko]

With one important caveat, the WMF requires you to lie if you are a child and use an adults ID. Don't worry, we won't ask and we'll destroy the documentation to ensure there is no way to perform an audit, quality control check or perform a legal request.

[Flip Flopped]

With one important caveat, the WMF requires you to lie if you are a child and use an adults ID. Don't worry, we won't ask and we'll destroy the documentation to ensure there is no way to perform an audit, quality control check or perform a legal request.

I think tarantino cited the new WMF "Handling Private Information" policy to show the WMF gives 16-year-olds access to people's private data.