As far as I can see, this needs community discussion first to decide a approach that is wanted.

For option 2, see also T226797#8496963. I do think we need a global CheckUser, and loginwiki will be obsoleted once we have it.

While technically these checks could be performed on meta.wikimedia.org

Some actions only produce a log on: local project, loginwiki. The axiom that metawiki could be used for all cases is false.

In T399165#10991066, @Dreamy_Jazz wrote:

As far as I can see, this needs community discussion first to decide a approach that is wanted.

Prior community discussion determined that stewards should not be meta checkusers (see: https://meta.wikimedia.org/wiki/Meta:Requests_for_comment/Meta_checkusers_and_stewards ). Consensus can change, someone is welcome to start a new RFC

Option 1 "Make only the account creation actions available on Meta for CU" isn't going to fly. There will be need for local CU investigations on metawiki where just seeing account creation logs is not enough.

What if an account is compromised and only edits on metawiki? This means it is impossible to determine if the edits which look to be made by another person are likely the result of a compromise based on CU data.

In T399165#10991722, @Xaosflux wrote:

In T399165#10991066, @Dreamy_Jazz wrote:

As far as I can see, this needs community discussion first to decide a approach that is wanted.

Prior community discussion determined that stewards should not be meta checkusers (see: https://meta.wikimedia.org/wiki/Meta:Requests_for_comment/Meta_checkusers_and_stewards ). Consensus can change, someone is welcome to start a new RFC

As far as I understand from this RFC, it focuses on option 2. But what about option 1 — retiring the concept of local CheckUsers on Meta, granting stewards CU access on Meta directly, and limiting logged CheckUser actions on Meta to account creation only (similar to how it currently works on LoginWiki — i.e., only a single entry is shown)?

In T399165#10992529, @Arendpieter wrote:

In T399165#10991722, @Xaosflux wrote:

In T399165#10991066, @Dreamy_Jazz wrote:

As far as I can see, this needs community discussion first to decide a approach that is wanted.

Prior community discussion determined that stewards should not be meta checkusers (see: https://meta.wikimedia.org/wiki/Meta:Requests_for_comment/Meta_checkusers_and_stewards ). Consensus can change, someone is welcome to start a new RFC

As far as I understand from this RFC, it focuses on option 2. But what about option 1 — retiring the concept of local CheckUsers on Meta, granting stewards CU access on Meta directly, and limiting logged CheckUser actions on Meta to account creation only (similar to how it currently works on LoginWiki — i.e., only a single entry is shown)?

1. That project, like any other project, can have local disruption; I can't see any reason we would want less checkuser information available on any local project.
2. If that community wants to retire all their checkusers it will default to using stewards, just like any other project. Just start a local RFC to stop having checkuser elections and revoke all project checkusers.

In T399165#10991616, @Xaosflux wrote:

While technically these checks could be performed on meta.wikimedia.org

Some actions only produce a log on: local project, loginwiki. The axiom that metawiki could be used for all cases is false.

Which actions still only produce a log on the local project or loginwiki, but not on metawiki?
I thought — perhaps incorrectly — that after SUL3 was enabled on all Wikimedia projects, all such actions were moved to auth.wikimedia.org. Is that not the case?

In T399165#10992577, @Arendpieter wrote:

In T399165#10991616, @Xaosflux wrote:

While technically these checks could be performed on meta.wikimedia.org

Some actions only produce a log on: local project, loginwiki. The axiom that metawiki could be used for all cases is false.

Which actions still only produce a log on the local project or loginwiki, but not on metawiki?
I thought — perhaps incorrectly — that after SUL3 was enabled on all Wikimedia projects, all such actions were moved to auth.wikimedia.org. Is that not the case?

auth.wikimedia.org is not meta.wikimedia.org ; example: local project temporary account creation

I propose that we go with Option 3 (Status Quo) and close this task. I'll do that in a few weeks time if no one objects.

In T399165#10992577, @Arendpieter wrote:

[…] I thought — perhaps incorrectly — that after SUL3 was enabled on all Wikimedia projects, all such actions were moved to auth.wikimedia.org. Is that not the case?

auth.wikimedia.org is not a wiki, it is a proxy URL. Enabling that proxy did not change what wiki an action happens on. The main thing we changed with SUL3 is the URL, and thus where the browser reliably stores the central session cookie.

Login actions now use the proxy URL auth.wikimedia.org/dewiki/, instead of the URL de.wikipedia.org. The frontend experience and backend association remains fully "local" to dewiki. This can be seen in a few ways, such as: logo (Wikipedia vs Wiktionary vs Commons), site-specific configuration and customisations (e.g. the sidebar, default language, and login form customisations), and CheckUser logs.

Compare the following in a private window:

• https://auth.wikimedia.org/dewiki/wiki/Special:UserLogin
• https://auth.wikimedia.org/commonswiki/wiki/Special:UserLogin
• https://auth.wikimedia.org/nowiktionary/wiki/Special:UserLogin
• https://auth.wikimedia.org/ruwikivoyage/wiki/Special:UserLogin

As part of the SUL3 work, we preserved post-singup "pings" to loginwiki and metawiki no matter on which wiki you create an account from, so that CheckUser workflows remain unchanged. There is also a periodic script to backfill data from local wikis to loginwiki/metawiki (e.g. if the ping failed, ref T378401).