Training modules/Online harassment

This was provided by the Wikimedia Foundation's Trust and Safety Teams. It was adapted for Miraheze's use by User:RhinosF1. The original version can be found at https://outreachdashboard.wmflabs.org/training/support-and-safety/.

Purpose of this module[edit | edit source]

This module is intended to help community leaders, users with advanced rights, and groups handle community challenges around allegations of online harassment and abusive behavior. Working with such reports can be a challenging and time-consuming process. Projects on Miraheze are led by many different groups which can mean a lack of consistent approaches to the issue between different Miraheze projects, or even within a single project or group. Harassment cases can cause emotional strain on those reporting the abuse as well as those experiencing it, and it is often very difficult to find solutions that satisfy everyone involved.

However, helping fellow community members deal with this issue is important. The experience of feeling harassed is a deterrent to participation. Volunteers often struggle with finding assistance when they feel harassed. Supporting them, and supporting each other in supporting them, may help us avoid losing good-faith contributors who could be helping build out content for readers.

These training materials will evolve over time. Approaches to online harassment, as well as policies and tools, are an expanding area of study.

Basics: What is harassment?[edit | edit source]

Harassment can be difficult to define, as it can appear in many forms. Some of these are more obvious than others, but all forms can be upsetting and distressing to those targeted.

Our Code of Conduct defines it as:

• Personal attacks, violence, threats of violence, or deliberate intimidation.
• Offensive, derogatory, or discriminatory comments.
• Gratuitous or off-topic use of sexual language or imagery.
• Inappropriate or unwanted public or private communication, following, or any form of stalking.
• Disclosure of a person's identity or other private information without their consent. Disclosure of some identifying information is not consent to disclose other identifying information.
• Inappropriate or unwanted publication of private communication. Publishing or reporting private communication or personally identifying information for the purposes of reporting harassment (as explained here) is acceptable.
• Harming the discussion or community with methods such as sustained disruption, interruption, or blocking of community collaboration (i.e. trolling).
• Discrimination (unless required by law), particularly against marginalized and otherwise underrepresented groups. Targeted outreach to such groups is allowed and encouraged.
• Using the code of conduct system for purposes other than reporting genuine violations of the code of conduct (e.g., retaliating against a reporter or victim by filing a report claiming their response was harassment).

You may have experienced harassment yourself on the Miraheze projects, or you may have seen someone else experience it. Either way, you almost certainly know how horrible it can feel.

Harassment isn't always blatant name-calling; at times it can be specifically designed to be subtle, in a way that's meaningful only to the target. You may not think a particular situation is harassment, but when you receive a report or complaint, you must examine the context and background. In situations like this, try to deal compassionately with the situation, listen empathetically, evaluate the evidence objectively, and determine how you may be able to assist.

Basics: Why do you need to care about harassment?[edit | edit source]

Online harassment has been an issue for a long time, almost since the launch of the internet itself. Areas of the internet where many people converge and communicate openly with each other – for instance, forums, multiplayer games, and social media – are particularly susceptible to it. Harassment and bullying can lead to distress and depression in people subjected to those things (pdf link). In a survey published by the Pew Research Center in 2014, almost three-quarters of adults using the internet have seen someone be harassed in some way online. Two in five have experienced it first-hand.

A culture of harassment has been one of the major criticisms of some communities since their inception in 2001. Miraheze has hopefully avoided this. Researchers from the Palo Alto Research Center in 2008 into Wikimedia Sites found that less-active editors who make two to nine edits a month were seeing their edits reverted up to three times as often than they had been in 2004. But it's not only low-volume editors who encounter harassment – long-term Wikimedia contributor David Shankbone wrote in 2008 that "if you become a target on Wikipedia, do not expect a supportive community."

When vulnerable types of users are targeted by harassment, this can lead to a lack of diversity in editors and a lower quality of content. When users have their privacy compromised, it is likely that their involvement with online projects like Miraheze will be greatly reduced or stop altogether.

The majority of harassment complaints will be seen by the community first. It can be complicated to deal with often complex and subtle harassment claims and cases. This module will help prepare you for the best ways to deal with them.

Basics: Some common forms of harassment on our projects[edit | edit source]

Harassment comes in many shapes and sizes. Some of it is childish and may seem easy to shrug off – throwaway insults by vandals, for example. But while it can be easy for an administrator or vandalism patroller to brush this treatment aside, newcomers to the movement can be discouraged or offended by it. They might also be goaded into breaking rules by entering into petty edit wars or meeting name-calling with name-calling.

Some vandals can become focused on the pursuit of one or a group of editors. This pursuit may take subtle forms, like "wikihounding" – the practice of "stalking" someone's edits to constantly revert or oppose them. Being wikihounded can result in the editor becoming disillusioned, upset, or frustrated. Wikihounding can also lead to more general online stalking in places like email, social media, and personal blogs. Harassers may collect personal information from these sources and use the release, or threat of release, of this information to intimidate contributors.

Threatening users must be treated seriously. You should email reports of threats to stewards[at]miraheze.org or get assistance via IRC or Discord. Do not attract attention to them. You may also want to consider emailing conduct[at]miraheze.org to have it followed up.

Immediate action: Blocking users[edit | edit source]

Once you have been made aware of obvious harassment or threats, there are actions you may take immediately that don't require in-depth investigation. You might already be familiar with these actions, as they are fairly commonly used by local administrators or users with advanced rights.

If you are experienced with using the block tool, feel free to skip this section.

The block is one of the central tools available to administrators and those with advanced permissions. It prevents a registered user account from editing and an unregistered user from editing from a specific IP address. Blocking policies are project-specific. More information on performing blocks, and when they're appropriate, should be available in local policy. Block summaries should be neutral and avoid expressing frustration or retaliation against the person blocked as this may encourage them to continue.

Range blocks[edit | edit source]

Range blocks, where a group or "range" of IPs are blocked, can be a powerful weapon against users moving through multiple IP addresses. However, it is also a solution with a lot of potential collateral damage. Consider consulting a fellow administrator with experience in these kinds of blocks before applying a range block for the first time, and make sure you are aware of and respect local policies about their use.

Immediate action: Revision deletion or suppression[edit | edit source]

Revision deletion (sometimes shortened to "revdel" in English) is available to administrators. It is used to hide deleted content from those without administrator rights. This is a reversible action which can be a good first response to obvious attacks, even if you feel the larger issue needs to be discussed more thoroughly.

Suppression (also called oversight) is a tool that can be used to hide content even from administrators. Policies on suppression can vary a little by wiki. The Oversight policy is available here. Of the criteria, those which most relate to harassment are:

• Removal of non-public personal information such as phone numbers, home addresses, and workplaces or identities of pseudonymous or anonymous individuals who have not made their identity public, or of public individuals who have not made that personal information public. Users with advanced rights are encouraged to use common sense and intuition when making a call like this. Suppression can be reversed, so it is usually safest to remove when in doubt.

• Removal of potentially libelous information on the advice of the Miraheze Board or Sysadmin Team or when the case is clear and there is no editorial reason to keep the revision.
• Hiding of blatant attack names on automated lists and logs, where such an action does not disrupt edit histories. A blatant attack is one obviously intended to denigrate, threaten, libel, insult, or harass someone. Note that usernames are created globally by default. You can "block-suppress" locally, but it's usually best to have a Steward "lock-suppress" the account globally. (Remember that, when it comes to registered user accounts, "blocks" are local actions, but "locks" are global.)

If the harassment in question doesn't meet these criteria, it might still be revision deleted as described above. Where there's doubt, refer the case to Stewards who will handle appropriately.

Immediate action: Cross-wiki blocking and tracking[edit | edit source]

In the event that an obvious harasser is abusing someone across multiple wikis, it may be necessary to take global action. It is possible to globally lock accounts, though only Stewards have this ability. They can also globally block the underlying IP address to prevent the creation of alternate accounts (known as "sockpuppets") or "sleeper" accounts.

CVT are users with administrator rights on most wikis. They can also help to keep cross-project abuse to a minimum. They can also help support projects without administrators, or with very few. However, the role of combating global abuse is generally best left to the stewards.

CVT can help to track and prevent obvious vandalism or harassment through their own methods. They might be worth contacting to help keep track of harassment on smaller wikis and may have background knowledge of problem users on those projects.

Handling personal information: Publication of personal information[edit | edit source]

"Doxing", or "outing", is usually described as the publication of personal information online, generally in order to intimidate or threaten. In some cases, this personal information is used to actively seek out and harass online users in real life. Real-life outcomes can involve someone unwelcome literally showing up at the target's door or place of employment. Unfortunately, doxing has become a common method to intimidate, harass, or punish people online.

Handling personal information: What counts as "personally identifying information"[edit | edit source]

As previously covered, "personally identifying information" (often shorted to "PII" and sometimes expanded as "personally identifiable information") covers a fairly wide range of data that can be used to identify or trace a person in real life.

On Miraheze projects, the category of PII includes information about a user such as phone numbers, home addresses, and workplaces, unless the user has chosen to publish that information on a Miraheze project themselves. PII includes the real names of pseudonymous or anonymous individuals who have not made their identity public on a Miraheze project. Private information about public individuals, such as addresses or phone numbers that the individual has not made public, are also considered PII. It also includes IP addresses and user agents of those who have not made this connection in the past.

Because the right to participate without giving away personal information is guaranteed in the Miraheze Privacy Policy, it's usually advisable to be vigilant and conservative when dealing with anything that could be used to "out" an editor.

Handling personal information: Handling PII on-wiki[edit | edit source]

You may be asked to handle PII that is posted in a variety of locations, deliberately or otherwise. It isn't always with malicious intent. Sometimes a person will post something about themselves on a project without realizing how public that page is. Or perhaps someone mentions a link between another user and their PII that they thought was known, but it wasn't. No matter the intentions of the person who posted it, PII that isn't willingly divulged generally needs to be handled with caution and removed and suppressed as necessary.

PII can be revealed on Wikimedia project noticeboards and talk pages, such as those used for mediation. This is not always done maliciously. Some examples of accidental publication of PII might include:

• Someone attempting to make a link between a user and their location, their employer, or an IP address to prove a point in a debate;
• Someone referring to another person by name (assuming the other person had not publicly linked this to their account);
• Someone uploading an image of an event that shows another user and their name badge, thus connecting a user to their real name, or that contains the user's real name in the tags or metadata.

In all of these cases, even if no action is merited against the person who made the edits, the edits themselves should be suppressed. Refer to the "Immediate action" section for more information.

There is also the additional possibility of articles being used in harassment of this variety. This is of particular concern when the harassment is targeting an individual with a Wikipedia article of their own. Most of the time, such targets are fairly low-profile, if notable, individuals.

Situations involving articles such as these might include:

• Posting home addresses or phone numbers into infoboxes or article text;
• Inserting unsourced or false material that is controversial or purports to reveal personal details (usually where those details are excessive – details of divorces, children's dates of birth...);
• Adding links to unreliable websites or blogs that reveal previously unpublished or unverified personal details

Be wary of treating article content issues as harassment. Undue weight given to sourced content – such as criticisms or controversies – is a different matter and ought to be handled with on-wiki discussion.

Handling personal information: Responding to posters of PII[edit | edit source]

There are a few ways you can respond to those who post personally identifiable information. Policies on assuming good faith vary greatly by project, but you will generally be able to use common sense to determine whether something is done on purpose or by accident.

If the PII was posted by accident, treat the actual PII as serious, but try to communicate with the posting user as quietly as possible about why posting this type of information is not allowed. For example, a user may have posted their email address for further correspondence. Or they may have posted what they thought was a known connection between two online identities that had actually not been previously linked.

If the posting of this information was obviously deliberate, or if a seemingly accidental posting is repeated, more severe action might be needed. Cases of deliberate PII release might include an attempt to "out" another editor, perhaps to link their account to a purported employer. It could also include leaking personal emails or other communication which could be compromising.

In cases of deliberate PII release, use your judgment to decide whether a stern warning will suffice or whether a block is necessary. If you choose to use a block, be aware that you may also need to restrict the blocked user's ability to edit their talk page in order to keep them from posting the PII there.

Possibly the hardest part of dealing with the public posting of personal information is corresponding with those experiencing harassment.

Handling personal information: On-wiki steps they can take[edit | edit source]

In a case like this, the first and most important step someone experiencing harassment should take is to contact Stewards directly through email, IRC or Discord. This should be done as quietly as possible to avoid drawing attention to the personal information and to prevent its spread.

Administrators or Stewards might wish to take action against the poster of this PII, assuming it was posted with malicious intent or is posted repeatedly.

If the action is global, you may also want to consider contacting the CoCC.

Handling personal information: Off-wiki steps to recommend[edit | edit source]

Off-wiki posting of information is much more difficult to remove than on-wiki edits. Once information is posted online, it can spread quickly and be difficult or impossible to completely remove.

It can be a good idea to contact the hosts of the website on which the leaked content has been hosted and ask them to remove it. This is especially effective when the website in question has a Trust and Safety team set up to deal with these situations. If they don't, it can be more difficult to have content removed, but it is usually possible.

If the person experiencing harassment has concerns for their safety as a result of the leak, they may contact their local law enforcement. This should ideally be done by the person experiencing the harassment themselves, as some authorities may not accept reports by a third party. The posting of personal information online may be illegal depending on where those involved are located, especially if that information is illegally obtained.

Miraheze cannot provide legal advice to users. Legal help varies by country or area, and may be worth investigating should the harassment be serious enough.

Handling personal information: What not to do – The "Streisand effect"[edit | edit source]

The "Streisand effect" is a term used to refer to cases where trying to hide something actually makes it more visible. It is named after American actress Barbra Streisand, who, with a court order, attempted to stop the media from publishing a photograph of her house. The press attention from this court order led to more people seeing and sharing the photograph.

When attempting to handle doxing claims, keep in mind things that could make the situation worse. Of course, the number one priority should be ensuring the information leak is contained and doesn't spread any further.

• If you are not an oversighter, and cannot deal with this information right away, don't explicitly link to it in public. This includes on [[IRC] and on administrative noticeboards. Doing so increases the chances of bad actors copying the information and leaking it in the future. Instead, contact an oversighter or oversighters directly, by email or on IRC. If the leak was on a wiki that doesn't have oversighters, contact a steward instead.
• If suppressing PII will require hiding many revisions, be aware that this will look strange and can look suspicious. There is every chance that such an action will raise suspicion and that the reason for the suppression might be questioned. Be sure to clarify this risk with the reporter and ensure they are willing to take the potential extra scrutiny.

"Off-wiki" harassment[edit | edit source]

The Miraheze projects' low tolerance for harassing behavior sometimes leads people to take Miraheze-related harassment to other platforms and websites. This often, but not always, occurs after a Miraheze account has been blocked; less commonly, a user in good standing will go off-wiki to target an opponent in the belief that doing this off-wiki means they cannot get in trouble on-wiki. Off-wiki harassment is among the most difficult types of harassment to deal with because local administrators and users with advanced rights cannot directly stop or remove the harassment.

Often, helping a harassment target with off-wiki harassment means educating yourself on the policies and procedures of the site where the harassment occurs, so that you can help the person figure out what options are available to them. Some websites have good procedures to help people remove harassing comments or images, while others may expressly ignore the problem.

Off-wiki harassment: Forms it can take[edit | edit source]

There are a number of different forms off-wiki harassment might take, including but not limited to:

• Doxing – publishing personally identifying information about another user.
• Impersonating users – pretending to be somebody else, and carrying out behavior that would embarrass or harm the target.
• Brigading – advertising at an off-wiki venue for other users to come to Wikipedia and attack or revert other users.
• "Revenge porn" (real or forged) – this may involve publishing actual photos of someone in sexual situations, or the forging of such images.
• Phone calls or emails directed at a specific user – a harasser may use these communication venues to intimidate, issue threats, or carry out sexual harassment. Even in a situation where a harasser themselves doesn’t do these things, publicizing someone’s phone number increases the chances they will receive things like “prank” phone calls.
• Phone calls or emails directed at a specific user's family or job – often used to make negative accusations about someone, or to intimidate them by showing they can access loved ones. This type of intimidation can be particularly frightening.

Off-wiki harassment: Investigating reports[edit | edit source]

When you receive a complaint about off-wiki harassment, it may or may not say who the reporting party believes the perpetrator is. If it does include such an allegation, your first priority should be to verify, if possible, this claim: is the Miraheze user actually the same user as whoever is doing the off-wiki harassment? A user in distress may not be a reliable judge. It is always possible for a malicious third party to be carrying out an impersonation that victimizes both the alleged target and the alleged perpetrator, or for someone to take advantage of our system to target a good faith user they disagree with.

Verifying the identity of the harasser may be a simple task, or it may be essentially impossible. It is your team's or community's responsibility to determine what amount and type of evidence is adequate to take action. In general, you should remember that a wiki is not a court of law, and your team has been entrusted with your advanced rights because your community trusts you to make good decisions.

Some ways you may be able to investigate the identity of the harasser include:

• Comparing the off-wiki perpetrator's interests or writing style with the alleged on-wiki user
• Using search engines to try to connect the off-wiki perpetrator's username on that site with the details of a Miraheze account
• Checking to see if the Miraheze username has ever mentioned the other account being theirs anywhere on-wiki (the reverse, where the off-wiki account identifies itself off-wiki as a Miraheze account, is not verification of the linkage.)

Some ways your team may be able to request more information about the identity of the harasser from outside parties include:

• Reaching out to the off-wiki site's Trust and Safety team for assistance
• Filing a complaint with the perpetrator's ISP, if it is identifiable
• In extreme cases, a legal representative may be able to subpoena information about the perpetrator

In all cases, you must remember that there is a difference between investigating a harasser and doxing someone. Rarely will you need to find actual personal information about the harasser; most of the time you will simply be trying to find a link between one account and another. Even in cases where real-life identity becomes relevant, it is your obligation to not do more research than you must, and to think carefully about how to store such information.

Off-wiki harassment: How to request takedown of content on other social media[edit | edit source]

Most social media websites (for instance, Reddit) have, for their own legal protection, explicit policies about when and how they will remove ("takedown") content that infringes their terms of use or violates the law. Similarly, they will usually have guidelines that determine whether certain behavior or content is desirable.

Where harassment is taking place on external websites, it can be possible to request intervention from these websites themselves. Many of the major social media networks now have Trust and Safety teams, though the existence of and best practices for these teams are often quite new. As a result, many of these teams are still trying to firm up policies and procedures for dealing with cases, and may not have a definite, immediate response to give to a complaint. That having been said, most trust & safety teams care about protecting their users and are receptive to complaints about these issues.

Some websites have streamlined the process of requesting content be taken down; for instance, Facebook allows users to report problematic content of many types with a button and Twitter accepts reports of copyright violations via an online form.

Off-wiki harassment: Assistance you can offer[edit | edit source]

Protecting their personal information[edit | edit source]

For a more extensive list of ideas, see RAINN's list

A user who has been doxed or threatened off-wiki will often be extremely concerned about their personal safety, given that the perpetrator has such information about their life. While you cannot directly protect a user's information or safety, there are some resources you can direct them to about how to protect their information:

• They should verify, and potentially tighten, their social media privacy settings. Most of these websites offer a help page or wizard to help users choose what privacy settings work best for them. For instance, here is a guide to Facebook's privacy settings
• They may want to request removal of their personal information from "people search" websites. In some countries, personal details such as names, addresses, and phone numbers are considered public information, and for-profit websites gather and package this information for re-sale. Most such websites include an "opt-out" method for people who do not want their information shared this way, but those methods are not always easy to locate. A "how to" guide like this one may help a user have their information taken down.

Securing their accounts on other sites[edit | edit source]

When a user reports that an account they own has been compromised, or "hacked", you can suggest some important steps they should take immediately:

• Ask the user to check their password security. It is usually a simple matter for the user to reset their password for the compromised account, and they should be sure to do the same for any other online accounts for which they have used the same, or a related, password.
• Contact the administration or Trust and Safety team of the website their account was compromised on, if it has been. These teams can often secure or restore an account with the tools available to them.
• Consider enabling two-factor authentication on sites where it is available. This service will mean that even if someone has their username and password, they will still not be able to access their account without the second "factor". This process usually involves linking an account to a mobile device.

Image-based problems[edit | edit source]

In some cases, users can be the targets of harassment involving images. This can come in many forms, but all have the potential to be upsetting or intimidating. Some examples of how images might be used to harass a user include:

• An attendee of an event being photographed without their consent, with the resulting photographs posted to Commons or another image sharing project;
• Sending them offensive or otherwise shocking images;
• Editing an existing photograph of the user;
• Using a user's image to illustrate an article that has negative connotations

Image-based problems: How and when to get an image deleted[edit | edit source]

Getting an image deleted can be a complicated process. The most important aspect to consider is whether the image actually breaks any rules. Sometimes the image itself isn't causing the issue, but the harasser is using it maliciously. Commons may have some shocking images and images that might cause distress to users. This by itself is not normally a reason to have them deleted.

A common form of image-based harassment is the posting of images taken of volunteers without their consent. At events, there are usually precautions taken to ensure those who do not wish to have their images taken are not photographed. This is usually done with stickers or lanyards. In some circumstances, these may be ignored – maliciously or otherwise – by photographers or camera operators at events. It can be distressing to have a photograph linked to a username, especially if the link wasn't apparent before. It's also treated as a form of personally identifying information on the projects.

Note that images used to harass users are often posted "off-wiki". Learn more about dealing with harassment taking place on external websites.

Image-based problems: Commons versus local projects[edit | edit source]

Some images found on our projects are hosted on Wikimedia Commons or Miraheze Commins. You can identify if an image is hosted there, rather than on a local Miraheze project, by the appearance of a View on Commons tab along the top of the page. There will also be a note just below the image stating that the file is accessible on Commons.

Wikimedia Commons has a guideline around images of identifiable people which can be useful in situations like this. It states: "The subject's consent is usually needed for publishing a photograph of an identifiable individual taken in a private place, and Commons expects this even if local laws do not require it."

Project Events are usually considered private places. This can be less obvious if the event is held somewhere that is normally open to the public, like a library or a university. A well-run event will have either something to sign if you are okay with photographs being taken or, more commonly, stickers or lanyards to indicate you are not comfortable being in photographs.

Even in public places, country-specific rules exist on consent. These rules can be complicated, and not all are legally binding. Check whether or not the country in which the offending photograph was taken is covered by a rule such as this.

"Selfies" or other images of editors which are uploaded by themselves are fairly common on Commons. Of course, while these are usually fine, users should be aware that images of themselves have the potential to be abused.

Images hosted on local projects are processed slightly differently. Policies on this tend to vary by project. On most, the unauthorized posting of someone's photograph counts as the release of personally identifying information.

Image-based problems: Images involving minors[edit | edit source]

Where there is a suspicion that an image might contain child abuse or child pornography, you must immediately report it to Miraheze through abuse@miraheze.org to alert the appropriate teams. Include a URL link to it so that it can be reviewed quickly. Even though situations like this are rare, the material must be reviewed promptly – having all relevant information available at first contact helps speed things up substantially.

Even if there's no obvious abuse or suggestion of pornography involved with an image of a minor, it can still be upsetting. There currently is no hard rule regarding the treatment of images of younger editors, uploaded by themselves or by others. Generally, it is best to use your common sense – would this image be harmful if it remained? Is this image within the scope of the project?

Communication: Communication style[edit | edit source]

Appropriate communication with a harassment reporter should focus on both appropriate communication style and second appropriate information and expectation sharing.

One of the most important things to remember when you are communicating with someone who reports suffering harassment is that harassment is, by design, intended to intimidate and upset. As a result, you will likely be addressing someone who is frightened, angry, hurt, or a combination of all three. Reporters may be worried that they will receive a dismissive response. Whatever the merits of the report itself, you can go a long way toward making the reporter feel safer than they may have feared simply by approaching it, and the reporter, with empathy.

Your goal in empathetic communication is to signal to the reporter that you understand that this is a stressful or frightening situation for them.

Some ways to communicate empathy will involve your choice of words and phrases. Try to use language that approaches the report with concern and attention, like:

• "I understand" or "Could you help me understand" – Let the reporter know that you are not just reading the words they wrote, but rather are truly trying to grasp the situation. If the initial report is clear and thorough, show them that you understand their situation. If you need to ask questions to get a handle on the situation, ask them in a way that communicates "seeking to understand" rather than skepticism or doubt about the report.
• "That must be (frightening/hurtful/upsetting)" or "I see that you are (frightened/hurt/upset)" – Active listening is an important skill in these situations. Your communications to the reporting user should indicate that you understand why they felt it necessary to reach out to you.

Avoid using words and phrases that indicate skepticism or disinterest, like:

• "I disagree" – Remember that they are reporting the situation to you as they understand it. Negative assertions and disagreement won't help you understand the situation better, and may lead the reporter to believe you are not here to help.
• "Nothing we can do" – There certainly will be cases where you cannot take action. However, there is a difference between saying "nothing I can do", and offering advice or alternative routes forward. Even if a situation does not call for administrative attention, you may be able to help the reporter with suggestions of other venues, new communication strategies, or referrals to support organizations.
• "The person accused of harassment has a good reputation" – Sometimes harassers have a good reputation on their project, which can act as a social "shield". Do not offer opinions on the person accused of harassment. Instead, focus on the reported behavior or actions.

Communication: Sharing information and managing expectations[edit | edit source]

Though your communications to the reporter should be empathetic, as described above, remember that the investigation is your responsibility. For the privacy and safety of all parties, it is neither desirable nor appropriate to actively involve the reporter or the target in the actual investigation or communications about the investigation. You should, of course, make sure you have the full details of their complaint, and be prepared to set reasonable expectations about what information they will receive and when they will receive it.

Do:[edit | edit source]

• Offer the target or reporter a timeline. Your goal should be to let them know what to expect. While you will never be able to promise a certain result or a certain closure date, you should be able to give them a sense of the projected progress of their investigation. Consider whether you can offer the reporter a "check-in" date.
• Alert them to any substantial delays that may alter the timeline you offered. Remember that while, for you, this may be one of a dozen active cases, for the reporter it is likely a much higher (and more emotional) priority. Sudden, unexpected silence or lack of apparent progress may feel alarming to them.
• Contact users in a timely manner to request any additional information your investigation requires. Particularly when an investigation involves multiple people, small delays can compound – try not to add to that by putting off simple steps like asking an important question.

Do not:[edit | edit source]

• Overshare. Again, this will be an emotional situation for the target, and you may be tempted to err on the side of giving them as much information as you can. Remember, though, that the parties involved in the case are not neutral or confidential parties. An alleged harasser does not lose their right to privacy simply by being reported.
• Make promises you may not be able to keep. While you may wish to reassure a targeted user with "I promise we will stop this behavior" or "You will have an answer by Tuesday", such a reassurance will backfire if you are unable to follow through. Know your limits, both in time and in your role.

Communication: Keeping yourself safe[edit | edit source]

Protecting your personal information[edit | edit source]

People who work on harassment complaints can become targets themselves and have their names and communications spread on the internet. When communicating with both the reporting party and the accused, use some simple rules to protect yourself.

• Realize that anything you write may be shared or "leaked" publicly. Think about how your words could be taken out of context, or used against you, as you write.
• For communications regarding your Wikimedia role, consider using a separate email address, one that does not give personal details in the address name.
• Do not give personal details in your communications. Sometimes it is tempting to give personal experiences to show you empathize with someone suffering harassment (e.g. "I saw a very similar situation when I worked at my campus help center in Mumbai"), but you need to protect your own privacy.
• Consider using a VPN or other tools to help protect your web identity, particularly when investigating through avenues which might track your activity.

Protecting your emotional well-being[edit | edit source]

Try to remember that while empathy is valuable, over-empathizing with a case can make things more difficult for both you and the people you are trying to help. If you connect too closely with the reporter, they may develop unrealistic expectations about what you can provide. You also risk exposing yourself to "secondary trauma", where you begin to experience the same negative effects as targets do. This will limit your ability to help people long-term and could lead to recurring psychological problems in the future.

Be realistic with yourself about what you can and cannot do, and realize that some distance and barriers will help you perform your role better. You can't solve all problems by yourself!

Providing support and advice[edit | edit source]

It's natural for you to want to offer as much help and support as you can to a person who is being harassed, but you must keep in mind that your skills and tools do not necessarily encompass all types of help and support that a target may need. At times, there will be advice you simply cannot offer, either because doing so may inadvertently harm the person you are trying to help or because it would be more useful to refer the person to someone more qualified to offer that support.

Before we go into types of support, remember: you should never feel obligated to counsel or advise harassment targets if you are not comfortable doing so. Your mental health and safety are as important as those of anyone else. It is much better for you to pass off a case to someone more equipped to handle it than for you to burn out trying to do it all yourself.

Providing support and advice: Actionable and non-actionable cases[edit | edit source]

As someone investigating a harassment case, you are also the person best positioned to take concrete action to stop the harassment – when doing so is possible and called for. When a case is closed or a sanction put in place, you should let the target and, if appropriate, the reporter know that action has been taken. Try not to make this communication emotional. Your goal is simply to let them know what has happened.

For cases in which you can't take action, the most important part of offering support to those experiencing is something you've already read about in this module: empathy. Your goal should be to communicate to the user that you understand their feelings and that you are approaching the situation with those feelings in mind. Even in cases where you can offer no concrete action, providing emotional support can still help the user experiencing harassment feel safer. Your communications should balance honesty with sensitivity. However, being overly blunt or protective can lessen the effectiveness of your communications.

Providing support and advice: Malicious or mistaken reports[edit | edit source]

A situation where a report was made to you in bad faith or with significant, compromising errors can be one of the hardest to address. You will be dealing with an alleged harasser who is defensive, anxious, and impatient as well as a reporter who is likely to be pushing hard for action and reluctant to reconsider their views. The key in many of these situations is to carry out communication without judgment. When talking to a mistaken reporter, remember that if they believe that they were harassed – whether you believe they were or not – you can still offer links to support venues like RAINN or the Victim Connect Helpline. Support venues exist for support in other languages.

When you speak to the accused subject of a mistaken or malicious report, keep in mind that you are delivering positive news to them. They are not in trouble, and you know they didn't do anything wrong. That doesn't mean you should communicate emotionally, however – you are a neutral, evaluative party, not a friend congratulating them on being vindicated or a prosecutor going into detail about the other party's guilt. Repeated malicious reports are a problem that should be communicated to others who may be receiving reports from the same reporter. Knowledge should be shared so that time is not wasted on evaluating reports without basis. People intentionally abusing reporting systems may need to be sanctioned, and this behavior can constitute a form of harassment itself.

Providing support and advice: What kind of support can Miraheze offer?[edit | edit source]

Miraheze has various teams that can always assist as a resource for both you and harassment targets. However, while we are always happy to provide advice, we can only take action in certain situations. This can include cases where a community has already taken unsuccessful steps to resolve the harassment or cases of harassment serious enough that the community cannot resolve it themselves. Here are a few types of help Miraheze can offer:

• Terms of Use violations: Though many activities that violate Miraheze's Terms of Use can be and usually are handled by local communities, Miraheze Sysadmins are the primary line of defence between communities and more severe violations such as threats, privacy violations, and injection of malicious software. In these cases, you should reach out to us via abusemiraheze.org with details of the case. We will review the situation and pursue appropriate solutions.

• Please note: If you pass an investigation to Miraheze, you will not be given details of their subsequent investigation. While the team will try to keep you informed of the status of the case, investigation details are considered confidential.

• Target support: Our teams will always try to be a sympathetic ear when we are available and will try to help provide or direct to you to support needed but are neither social workers nor trained mental health professionals.

• For the safety of all involved, They cannot provide counseling or emotional support, though they can direct community members in need to other available resources for these things.

• Legal support: Users and team members with legal experience cannot offer legal advice to individual community members.

Providing support and advice: What kind of non-Miraheze support can you direct someone to?[edit | edit source]

You will have noticed in the above sections that due to privacy, safety, and legal concerns, there are significant limitations to the types of assistance that community members and Miraheze can provide to users being targeted by harassment. This does not mean, however, that there is no help you can offer to those in need of types of assistance you and Miraheze cannot provide; you are free to use your judgment in referring those in need of further assistance to organizations and resources that can offer that help! The following examples are by no means exhaustive; for a more detailed listing of resources, see the Mental health resources list.

• Suicide prevention hotlines: United States / non-United States
• The Trevor Project LGBTQIA crisis support
• English/Spanish bilingual crisis hotline for "LGBTQ & HIV-affected victims and survivors of any type of violence"
• RAINN: Support for victims and survivors of rape, abuse, and incest
• WHOA (Working to Halt Online Abuse) crisis support for targets of online harassment and threats
• Crash Override Network for targets of online abuse
• National Crime Agency Command (United Kingdom only) for protection of at-risk or abused children

Support you should not offer: Mental health counseling[edit | edit source]

There are some types of support and advice that you should not attempt to give to users. These include mental health counseling and legal advice, both of which should only be given by trained and qualified professionals.

If you handle harassment cases, you will be dealing with people in various levels of mental distress. Most people understand that users with advanced rights are not psychology professionals and will not expect you to provide counseling, but in cases where someone is in crisis or where you feel the appropriate mental health advice is obvious, it can be tempting to offer it – please don't.

Why shouldn't you offer counseling, even in a case where the person needs it or you believe you know what to do? For more than one reason:

• Boundaries: As someone handling a harassment issue, your community expects you to act in a neutral, investigatory manner. Reaching past that role to counsel an involved user risks confusing them – "is this person an investigator or my friend/advisor?" – and overstepping the trust your community gave you.
• Not dividing your energy: You hold advanced rights in your community because your community felt you had expertise in the skills that role calls for: discretion, knowledge of IP address technology, good judgment in resolving disputes, and so on. Even if you think advice beyond your role could be useful, remember that you are of most use to someone in a harassment situation by using the skills the community asked you to use; try not to get sidetracked by trying to offer other services as well.
• Safety of the user: Unless you are a trained mental health professional, you simply cannot know the appropriate way to treat or counsel someone in a mental health crisis. Trying to do so without the necessary expertise means that, if you make a wrong treatment decision, you could inadvertently harm the person you are trying to help. In the case of mental health and crisis counseling, this kind of mistake could lead to a person in crises becoming even more upset, or causing a non-life-threatening situation to escalate into a life-threatening crisis.
• Liability: By representing yourself as someone able to provide mental health advice, you could be violating laws in many places that govern who may give medical treatment. If such a law applies to you, you could be held legally responsible for negative repercussions from the advice you provided. Professional providers have insurance to protect them in this situation; you likely do not.

To sum up: In a harassment situation, it is in everyone's best interests for you to focus on assisting with your community and project expertise, not as a mental health counselor. You may optionally wish to suggest to a user who asks for counseling that they reach out to an organization like the National Association for Mental Illness (NAMI) (US only), which can help those in need find mental health treatment and resources. You can also provide links to a resource directory such as our international resource directory. You are not obligated to do so if you are not comfortable doing so.

IMPORTANT: If you believe a situation is an emergency where the target or someone else is in immediate physical danger, you should consider contacting local authorities.

Support you should not offer: Legal advice[edit | edit source]

If you handle harassment cases, you will almost certainly eventually encounter one in which legal concerns come up. Perhaps a target will want to know if they can issue a DMCA to force another website to take down images of them; perhaps the harassment someone reports to you will be in the form of "I will sue you" legal threats; perhaps a target will ask whether they should pursue legal action against the harasser.

As with mental health issues, it can be tempting to offer a victim with legal questions or needs whatever level of advice you feel you can. Please don't. Why? Many of the reasons are similar to the reasons you should not offer mental health counseling:

• Boundaries: see mental health counseling
• Not dividing your energy: see mental health counseling
• Best interests of the target or reporter: Though giving poor legal advice is less likely to lead to physical harm than giving poor mental health counseling, the damage it can do is nonetheless significant. Being given incorrect legal advice could lead them to take (or not take) legal actions that are not easily reversible; it could even lead to a target putting themselves in a situation where a harasser has grounds to file a legal case against their target.
• Liability: In some countries, including the United States, it is illegal to carry out the unauthorized practice of law, which includes activities like "providing information about what actions to take or giving advice to someone that is specifically tailored to an individual's unique situation, under the guise of being a lawyer or person experienced in the law." Breaking laws of this type puts you in legal jeopardy of your own – you could be fined or imprisoned.

If someone involved in a harassment case asks for legal advice, you should explain to them that you cannot offer advice of that type. If you know of a resource that can connect targets to qualified legal assistance, you may wish to offer it, but you are not obligated to do so and if you are uncomfortable for any reason, you may choose to simply explain to the target that you cannot provide such assistance. Linked below are two resources that allow a target to search for legal aid by area, crime type, and other requirements:

• The Office for the Victims of Crime (US only)
• Citizens Advice page on free and affordable legal resources (UK only)

Handling reports[edit | edit source]

Reporting harassment publicly, or even privately, is a difficult thing for many to do. It's natural to feel uncomfortable accusing someone of harassing you or someone you know, especially when the person in question is powerful. It's possible also that the harassment is subtle and easily deniable. When people submit reports to you, they may be afraid that you may simply not take them seriously or that, even if you do, you won't care.

When you or your team receives a request, bear in mind that it may have taken a great deal of courage and caused a lot of anxiety to the reporter. Treat every claim as serious, even if its tone seems bombastic or overwrought.

Handling reports: What makes a good reply[edit | edit source]

The best thing you can do with a claim of harassment is to respond to it actively – even if there is nothing you or your team can do about it.

• Be prompt: This is arguably the key aspect to an initial response. Don't leave reporters waiting for a reply that may or may not ever come. If you are able to action the complaint immediately, do so and let the reporter know. If the case is complex and you cannot immediately offer a substantive response, let the reporter know in the meantime that you have received their message and will be investigating.
• Be empathetic: Assume the report is genuine – at the very least, assume it is something that has genuinely distressed the reporting party. Respond kindly, letting the reporter know your team will look into it. Try to avoid boilerplate replies where possible – make it clear that you are responding to their specific situation and that you are responding as another human being.
• Give concrete timing information, and stick to it: Where possible, give estimates to the reporter on how long things will take to get moving. Be sure to allow yourself plenty of time in these timing estimates; things can come up, and delays can happen – this is not your full-time job, and you are not expected to be able to drop everything when a case comes up.
• Be informative: This one is difficult, especially if the report came in privately. Being informative doesn't always mean being public or detailed; however, it's usually a good idea to at least keep the reporter up-to-date about the status of your investigations. Follow up with more emails as appropriate as the case goes on.
• Ask for updates: Let the reporter know that they should forward new developments to you as they occur. If you feel that you need more information to complete your investigation, reach out to the reporter to ask for it.

Handling reports: What to do with third-party reports[edit | edit source]

Sometimes, you will receive reports that are not from the target of harassment. For instance, someone might observe harassment occurring against someone else which they feel is serious enough to report on the other person's behalf. When investigating these situations, a good first step is to privately contact the person who is the reported target. Their opinions and any background they can provide will be valuable.

Remember, however, that your investigation and any outcomes will usually not be decided by the wishes of the targeted user. The reported problem may represent a threat to other users and the community at large and may need to be investigated whether the target desires that approach or not. In these cases, however, it important to conduct your investigation in a way that respects the target's privacy – some targets of harassment may fear retribution if they are identified as the reporting or targeted party.

Handling reports: Replying to non-actionable reports[edit | edit source]

When a report is non-actionable or contains inaccuracies, it can be tempting to just ignore it or dash off an abrupt "nothing we can do here" reply. Remember, though, that the reporter – for reasons stated earlier in this module – may have put a great deal of emotional effort into putting the report together. So, how do you respond to these kinds of reports?

The key here is to be empathetic. Sympathize with the reporter. Use soft language where possible, even if the reporter hasn't. If there really is nothing that can be done, and this is confirmed through an investigation, let them know. Give some potential next steps for the reporter. Your target here is to make sure they have at least some way forward, though it may not be totally possible to completely satisfy them with your response.

It's also important to remember that the person who was reported in a non-actionable report may also be upset by the report. This doesn't mean the report was in poor faith; it may be a misunderstanding, or a genuine overreaction. Offer and provide advice to the person reported as well, whether that be cooling an editing conflict or avoiding the user altogether.

Handling reports: When to contact Miraheze[edit | edit source]

Miraheze Sysadmins and Code Of Conduct teams deal with severe harassment complaints, performing investigations where appropriate. These can lead to global "Terms of Use bans" in the most serious of cases.

There are several situations where it might be appropriate to refer a report to Miraheze:

• Threats to life and limb: Serious threats, such as death threats or threats of terrorism must be forwarded to board[at]miraheze.org - If you are comfortable doing so, you should also consider contacting your (or the target's) local authorities to report such threats as the board are not around 24/7. Assume all threats are serious, even if they don't sound plausible. If you are not comfortable making a call yourself, email the threat into us. You may also ping us on IRC and/or Discord to get quick help.
• Serious complaints of harassment: In the case of ongoing and serious harassment, serious enough that you or your team don't feel comfortable handling it yourself, the report may be forwarded to abuse@miraheze.org.

Handling reports: Directing reports[edit | edit source]

What types of problems should be redirected to community noticeboards?[edit | edit source]

Community noticeboards are great for getting more attention onto a problem and for finding people willing to deal with difficult situations. They also enable transparency, and bringing an issue to a noticeboard avoids the appearance of underhanded dealings in disputes. For problems like a single instance of edit warring or a personal attack, a community noticeboard may be a more appropriate and effective place to deal with the problem.

That having been said, noticeboards are highly visible and open to everyone. They can result in unwanted attention and potential blame being focused on harassment targets. Noticeboard discussions are also often adversarial and hotly contested, and can flare out of control quite quickly. For this reason, we'd recommend not redirecting harassment reports to community noticeboards if there is a better option available.

What types of problems can be handled by individuals?[edit | edit source]

Clear-cut cases of harassment, involving obvious targeting and bullying, can, of course, be processed by an individual administrator in accordance with local policy. Such types of harassment are normally easy to spot and, on many projects, uncontentious to deal with, though they can also be among the most persistent of case types. When in doubt, or if a situation expands beyond your comfort zone, it is always appropriate to escalate for assistance.

More difficult cases, such as more subtle harassment or cases involving long-term or otherwise constructive editors, should be discussed by more than one person prior to any investigation being closed. SuSa would recommend these discussions be done in private, unless it is more appropriate, based on other considerations, to use a noticeboard for this purpose.

What types of problems should be redirected to functionaries?[edit | edit source]

If you receive a report addressed directly to you, that doesn't mean you have to deal with it alone, or that you are responsible for resolving it at all. (Though you can do both if it's appropriate.) Sometimes, these reports are best processed by local users with advanced rights, such as Stewards or the CoCC. For the reasons stated above, it might be more appropriate to pass cases like this on in private, rather than on-wiki.

All but the most complicated of cases can usually be processed by local administrators, though the venue in which they do this depends on the severity of the accusations and, at times, the status of the reporter or reported party.

You'll usually receive reports of harassment from users in good standing. However, you might also receive them from users under editing sanctions or even users who are blocked or banned from editing. Never dismiss a report due to the community status or reputation of involved users. Though knowledge of reputations may help you decide on the appropriate venue for handling a case, the facts of the case, not the reputations of the involved parties, are going to be the basis of your investigation.

Investigating reports: Verifying facts[edit | edit source]

There are a number of steps involved in a thorough investigation of a harassment report. It is not enough to simply look at the description or diffs a reporter submits – in almost all cases, deeper investigation is needed.

Your first step in an investigation, after replying to the reporter to acknowledge that you received their report, is to verify as many of the reported facts as possible. This will involve:

• Opening any diffs contained in the report and verifying that they say what the report says they say.
• Verifying the identity of the reporter and/or victim: Are they actually operating the user account they claim to be, or might they be only pretending to be that account's owner? (This might be done under the pretext of a disposable, single-purpose account.)
• Verifying the account status (if applicable) of the reporting party: do they omit any material facts, such as sanctions on their account? Are there any security issues related to this account, such as a compromised password, that may call for you to take immediate action?
• Verifying the identity of the alleged harasser. Be aware that situations have occurred in the past where someone pretends to be another person and misbehaves in the hopes of getting the imitated party in trouble. In most cases you will not be able – or want – to verify a "real life" identity; your concern here is making sure that the account the reporter says is doing the harassing is actually the one doing the harassing
• Verifying the account status (if applicable) of the alleged harassing party: are they under any sanctions that might be related to this situation? Are they blocked or banned? Does their account appear to have been compromised in any way?

Investigating reports: Background research[edit | edit source]

The facts you verified usually come with context that helps you to navigate the issue and understand what has happened. That makes the background an important component of evaluating a case; if you skip it, you risk overlooking history or facts that are vital to resolving the current issue.

Your background research should cover researching the involved parties along the lines of below:

• Regarding the target:
  • Has your team dealt with this person before (whether as a target, a reporter, or a harasser)? Were their reports and/or opinions reliable in any previous dealings you have had with them?
  • Does this person have a history of having been harassed, whether by the current alleged harasser or by others? (If yes, you may find that you are dealing with a new sockpuppet of an old harasser.)
  • What is this person's history in the community? Knowing that someone has participated in a gender-related WikiProject, for example, might lead you to discover that gender is the basis for the current harassment case.
• Regarding the reporter (if different than the target):
  • Has your team dealt with this person before? Were their reports and/or opinions reliable in any previous dealings you have had with them?
  • Does the reporter have a known relationship to either the target or the alleged harasser? That is, might there be an ulterior motive in their report (backing up a friend who is in conflict, exaggerating a situation to make somebody look bad)?
  • What is this person's history and what, if anything, might you know about their approach to contentious situations? They may be known as someone superbly level-headed or as someone who overreacts; either of those being true will have some bearing on how you interpret the way they present their report
• Regarding the alleged harasser:
  • Has your team dealt with this person before? Do they have a history of being reported for harassment? Have they been harassed themselves in the past?
  • Does this person have any known friction with either the reporter or the target? It may be that this reported harassment is simply the latest front in a long-term war.
  • What is this person's history in the community, and are the events in this report related to that history? Perhaps they have a history of being blocked or sanctioned when editing on a particular topic, or perhaps the reported behavior seems very unusual for them. Search the archives of relevant noticeboards and look at the block log and talk page of the user to help you determine whether that history may be related to your current case.

Adequate background research will not stop at just the two or three involved parties, however; it will also take into account the relationships those parties may have to other editors or groups, as well as any general history of the point of dispute (if any) in the harassment:

• Any organizations that any of the involved parties are affiliated with, and whether those organizations may also be in conflict
• Any off-wiki activities any of the involved parties may be involved with that are relevant (for instance, someone may be known to participate in a forum that enjoys publishing the personal information of others, or may be open about having a certain gender identity or political view)
• Whether the harassment report reflects a known long-term pattern of thematic conflict involving broader groups of users; for example, homeopathy-related editorial controversies.

A caveat on background research: Context is not synonymous with rationalization or excusing. Your background and context research will help you understand the situation at hand, and they may explain why harassment occurred in a situation, but they will not make a valid report invalid and they will not justify harassment that has taken place. All contributors are responsible for their words and actions, no matter the context of a situation. A long history of quality contributions does not excuse bad behavior, nor does being objectively "in the right" or having been victimized in the past. Likewise, a history of bad behavior does not make a contributor "automatically" guilty when accused. Therefore, your analysis of a report's validity should focus on the facts described within the report rather than the parties involved in it.

Investigating reports: Useful tools for gathering evidence[edit | edit source]

Editor interaction analyzers can help you see where and how two users have interacted on a specific wiki. It can be useful in examining the background of a dispute between editors or claims of long-term harassment.

Revision history tools (sometimes referred to as "Wiki Blame") can help you locate the appearance of text strings within revisions on a specific page and can be helpful finding a specific comment or edit.

Knowing how to search subpages of a given page (that is, to search pages under a certain prefix) will let you narrow an on-wiki search to the content of only those pages. For instance, if you wished to search all archives of the Meta Wikimedia Forum, and only those archive pages, for a specific term, you would put your search term in the search box, followed by "prefix:Wikimedia Forum/Archives/". The results Search returns to you will be occurrences of the search term only in pages whose names begin with Wikimedia Forum/Archives/.

Investigating reports: Understanding "actionable" versus "non-actionable"[edit | edit source]

Not everything you investigate will ultimately turn out to be actionable. Even in situations where wrongdoing is confirmed, you may simply not be able to take measures against the reported user. For instance, if an attack has happened on social media and you are unable to reasonably connect the social media account with a Miraheze one, you may have no options for on-wiki action. In other cases, the target may have been subjected to negative treatment by another editor, but the actions don't meet the standard for harassment or rise to a level that merits action under local policies and guidelines.

In such cases, the best of your available courses of action is not to punish the alleged attacker, but rather to provide support to the reporter. Keep in mind that not taking action against a reported aggressor doesn't mean the reporter was necessarily wrong to report this as harassment. Nor does it mean the report was inaccurate, or that either party is totally innocent. A "non-actionable" report is not the same as a false report – it is simply one that you cannot take direct action to resolve.

Investigating reports: Documentation[edit | edit source]

Documentation of what you have learned and done in harassment cases is very important for a few reasons. First, private investigations performed off-wiki, as most harassment investigations will need to be, are not automatically documented the way on-wiki edits would be; all the future will know is what you record. Second, no single person or set of people who performed an investigation can be expected to remain in their role forever; if you drift away from your role in the future, others will need a way to find out what happened and why it happened in any given investigation.

On the other hand, be aware that "documentation" doesn't – and shouldn't – mean "public documentation". It also should not mean that you or your team compile a permanent dossier about any involved editors. The parties involved in an investigation are entitled to as much privacy as you can reasonably give them while still doing your job, and it is your responsibility to protect information about them and the investigation by storing it somewhere reasonably secure and not recording or saving extraneous information.

Investigating reports: What does appropriate documentation look like?[edit | edit source]

To a certain extent, what "appropriate documentation" looks like will depend on who is performing the investigation. If you are performing an investigation as part of a team (such as the CoCC), your team should:

• Record a summary of your investigation on your team's private wiki, if appropriate based on that wiki's policies.
• Record the names of those who investigated and/or voted on outcomes for the investigation.
• Take screenshots or gather diff links of evidence that informed any eventual outcomes of the investigation. Store these somewhere accessible to your team, such as on a private wiki or in an email to your team's secure, archived mailing list.

If you are evaluating an initial complaint before passing it on to users with advanced rights or to an appropriate team at Miraheze, make sure that your communication to the other investigating group contains:

• Contact information for you
• Contact information for the reporting party and/or victim
• A summary of the complaint
• Functional links to any relevant URLs
• Functional diff links to any specific on-wiki edits relevant to the complaint (if you have them)
• A summary of any preliminary investigation work you may have done

Investigating reports: Where should the documentation be stored?[edit | edit source]

The answer to this question depends on your role. Some groups, such as the CoCC, may have their own "private" wiki. Other groups may primarily use email in their communications. Individuals receiving reports may have no designated place to document. So, work either in your team's designated space or in a secure document of your own creation to store the information.

Do not use an on-wiki "sandbox" for this, and avoid hosting your documents in publicly accessible places, such as an unsecured "cloud" storage account. Collaborative documents such as Google Docs can be useful; however, you should pay careful attention to the "sharing" or security settings (see Google's help page on this topic). Your documents may well contain personally identifying information, and a "leak" could permanently damage the reputation and public trust that users have in your group.

Closing cases: Documentation[edit | edit source]

We've covered a lot of skills that are important for closing a case in previous lessons in this module. Let's review them now.

Any case closure will need to start with documentation. Your documentation should have information about what the case was about, who investigated the report and what they found, and what the outcome was.

This documentation may be stored on your team's private wiki, or in a post to your team's private, secured mailing list. Do not document your cases publicly or in a low-security location like an etherpad. Information that is private and personal should not be made public.

Closing cases: Closing non-actionable reports[edit | edit source]

Even in a case where you and your team take no action, there are some steps you will need to carry out as you close a case.

First, you will need to notify the target of the outcome of your investigation. Remember to communicate with empathy and to offer the target further resources for help if such resources exist. You may wish to provide some detail about why the case was deemed non-actionable, but do not become over-detailed: it is rarely a good idea to go into detail about whether you, personally, believed their report or whether a particular piece of evidence was found lacking.

After this, you may need to notify the subject of the report. Whether this is necessary will depend on the situation: was the report obviously mistaken, and you closed it at a glance without needing to do a full investigation? In that case, the subject of the report may not know a complaint was even filed, and will be surprised to hear from you. On the other hand, did you do a full investigation, including speaking to the subject and/or witnesses about the existence of the case? In that case, you owe it to the subject to let them know that the case is closed and what the outcome is.

Closing cases: Closing actionable reports[edit | edit source]

Closing an actionable report is a bit more involved, though it is based on most of the same steps.

Usually, your first step in closing an actionable case will be to take any on-wiki action your team has decided on. The timing of this step is important; if it has become necessary to place a block or ban on a user, you want to avoid leaving them in a state of "nothing left to lose," especially if they have advanced user rights that could be misused in retaliation. That will mean placing any blocks or bans first, before notifying the sanctioned user.

There should not be a gap in time where the sanctioned user is left wondering why a sanction has been placed on them; immediately after placing any blocks or bans that are needed, you should notify relevant parties. This will include the sanctioned editor, first; the target or person who reported the case to you, second; and possibly any on-wiki venues your community requires sanctions to be posted in.

When communicating with someone you are sanctioning, keep your statements factual and as non-judgmental as you reasonably can given the situation. Communicate clearly what action is being taken against them and, in general terms, why, and what they can do if they wish to appeal your decision. Even in the context of explaining how to appeal, however, it is not appropriate to provide a sanctioned user with the name of, or detailed information provided by, their accuser or target. As always, you should attempt to communicate with both targets and reported users with empathy.

Remember that in severe cases that involve advanced user rights, you may need to contact a steward or bureaucrat to request removal of those rights, and that these teams may not make instantaneous decisions on such requests. In a case where you must reach out to stewards or bureaucrats for higher-level action, you needn't delay closing your case or taking any necessary local actions unless you have reason to believe that the need for these actions will be affected by the decisions made by the stewards or bureaucrats.

Reporting out: Deciding whether a public announcement is necessary[edit | edit source]

Once you have finished placing any necessary sanctions, you may need to make a public notice of the case outcome. Doing so will not be necessary in all cases, and you will need to use your best judgment and the local policies of your project when deciding what to say publicly about a case and how to say it.

Some projects, like English Wikipedia, publicly announce all removals of advanced user rights via a noticeboard. If your case's closure included one of these actions, your team will be expected to make a public statement about it. Other projects rely more heavily on individual administrator discretion, or on private discussion about these topics. If your project is one of those types, you should not make an undue spectacle of your case's closure.

Reporting out: Choosing what details to release in a public announcement[edit | edit source]

When making public announcement about a case closure, you are not obligated to – and in nearly all cases, should not – release the entirety of the case, evidence, or investigation; most of these will contain private or sensitive information that may lead to either the reporter or the perpetrator being targeted in the future. A public announcement should be factual and as neutral as possible. It is your responsibility to make yours in a way that will not harm the involved parties.

It is also important to remember, though, that most people who see your announcement will not be aware of the detailed background of the case that you have had access to. Do your best to make your statement understandable to community members in this position; failing to do so may undermine the community's trust in your team's decisions. Use your judgment to find the right balance of an announcement that is understandable but not overly reliant on sensitive information.

Things your announcement should contain:

• The username of the sanctioned user
• The basis of the case (for example, "harassment" or "misuse of private information")
• The outcome of the case (for example, "user is banned" or "user's administrator rights are revoked")

Things that might be appropriate to include in your announcement:

• On-wiki diffs of problematic behavior by the sanctioned user if and only if they are vital to describing this case, and they contain no private or hurtful information about either the targeted editor or others

Things that are not appropriate to include in your announcement:

• Personal details of, or links to content that includes the personal details of, parties involved in the case.
• The content of, or links to the content of, the harassment. The reason you or your team handled the case privately was because this content was potentially hurtful or embarrassing to the target.
• Explicit descriptions of things you believe the sanctioned user has done. While your announcement should provide some information about why you are sanctioning the person, be aware of the fact that an internet pseudonym is not an impenetrable shield, and there is potential for any accusations you make to harm the real life of the person about whom you make them.

Be cautious! In extreme cases, you could be held legally liable for inaccurate or unprovable statements you publicly make about someone.

Reporting out: Responding to third-party questions about a case[edit | edit source]

Remember after you release the statement that community members who see your announcement do not know the details of the case and may not know much about any of the involved parties. It is understandable that members of a transparency-centric movement might want more information about an investigation that was conducted off-wiki and without public discussion. Your team's decisions in such a situation may appear shocking or unjustified. Community members may want you to answer questions ranging from the general ("Does this outcome affect how we apply this policy?") to the very specific ("Is this about that post they made on Reddit?")

Though these community questions are understandable, when attempting to answer them, you should remember that there is a reason that your community charged your team with handling these investigations in private when needed. A question being asked does not mean you are obligated to fully answer it if doing so would reveal case details that are best kept private.

In a situation where third parties are asking you questions about a case, aim to provide as much detail as you safely can, but no more. Use your best judgment to determine where to draw the line; below are some general guidelines, but if you're not sure whether a question can be answered without stepping outside those lines, always check with your team or a colleague.

1. Is the question answerable without violating the privacy of any involved parties? If yes, go to 2. If no, do not answer publicly.
2. Is the question answerable without violating any confidentiality obligations that apply to your team's discussions? If yes, go to 3. If no, do not answer publicly.
3. Is the question directly relevant to the case at hand? If yes, go to 4. If no, suggest the question be brought to a more appropriate venue.
4. Does the question appear to be relevant to helping the community understand your team's decisions, or does it appear to be a matter of curiosity? If relevant, answer the question publicly based upon your best judgment. If it seems to be curiosity, respond by explaining why conducting harassment investigations privately is important.

After a case: Self-care[edit | edit source]

Dealing with harassment cases is tough for all involved. This doesn't just apply to the parties of the case, but to the mediator as well. You should know how to effectively care for yourself after handling a case, no matter what the outcome of the case is.

It's not uncommon to feel personally invested in cases, particularly ones which do not have an easy solution or which uncover information that upsets you. You may experience "secondary trauma" or "caregiver burnout" – a common feeling of guilt or mental exhaustion experienced by those providing care to others. Your ability to care for others depends on you keeping yourself safe and healthy enough to effectively give that care.

Some resources around caregiver burnout include WebMD and Australia's HealthDirect, which provide steps on what to do to deal with this. Many other resources are available to help you deal with stress. It is most recommended to speak with your doctor if you feel this is getting in the way of your activities both on and off the projects.

After a case: Debriefing[edit | edit source]

Immediately after a case, you and the group in which you work (for example, local oversighters or the stewards) should gather to "debrief" on the case you just helped to mediate. Ask yourself questions to help with this, like:

• Was the result the best possible given the circumstances?
• What went well in this case? (Perhaps note down some things you did or said which were received well, or which led to progress.)
• What didn't go well in this case? (Perhaps note down some areas where progress was slow, or where processes made things difficult.)
• How could you work to make things better for next time? Are there policies that could be improved or discussed?

While it may seem odd to discuss a case, finish it, and then return immediately to talking about it, this type of debrief is useful to work out better processes, as well as to keep at least an informal record of how things are going. It is best done soon after the case, before people begin to forget details. It should make future cases that are similar easier should they come up, or it might even prevent them coming up at all. Your debrief doesn't need to be public – it can be done on an email thread or on a platform like IRC. The important thing is to think about whether your processes can be improved, and to start to understand where problems exist.

After a case: Responding to questions from the community or in public venues[edit | edit source]

Cases don't always end with a final decision and a report-out. Sometimes – especially in more controversial cases – your decision or actions taken will be questioned. Information on what to include in your answers to questions like these can be found in this module. Look for 'Reporting Out' sections. There is more to this than just answering the questions, though. You also need to be able to manage your own mental health here, balancing it with the well-being of those involved in the case.

You are never obligated to take an action you aren't comfortable with, particularly in a case that involves the potential for harassment; however, the community should be able to expect that relevant and non-intrusive questions will be answered. If you're concerned that doing something like answering a public question might result in harassment directed at you either onwiki or on external websites, consider asking another team member to answer it, or referring the questioner to a more private venue like email for discussion.

After a case: Follow-up tracking and appeals[edit | edit source]

Once you've finished dealing with a case, there's usually an avenue for the sanctioned party to appeal later. This is usually at some point after their block or ban is placed. (In some cases your team may need to restrict the frequency of or time frame of such appeals.) For the mediator, this means a case might come up again in the future. Even if there is no appeal, it's worth keeping an eye on these cases after they come to a close.

You don't need to keep a personal log of every case you've ever looked at. For the most part, you should just know where to look for records about previous cases, and know how to parse them in the future. For those on Arbitration Committees and on other committees which rely on decisions made in previous cases, this is a key part of your work. In particular, you should know how to find:

• The result of the case
• The parties involved in the case
• The reporter, assuming they weren't otherwise a party in the case

If the case was processed privately for some reason – if it was a sensitive issue, or if revealing any of the above points would be dangerous somehow – then you should at least be aware of these details in case they are needed in future cases.

This page contains a draft of a proposed global policy for Miraheze. The proposal is still a work in progress and/or under discussion, and has not yet reached the consensus for adoption.