ID do Relatório: Gv2k0v0e7IOI0zXNlwEX

Beyond the Edit: An Investigative Report on Digital Privacy and Administrative Overreach on Wikipedia

1. Introduction: The Digital Panopticon within the "Free Encyclopedia"

The global success of Wikipedia is predicated on a delicate balance: a mission to provide universal access to free knowledge that relies entirely on a self-governing community of volunteers. However, a strategic tension has emerged where the tools designed to protect this open ecosystem are increasingly being weaponized against its contributors. When administrative power is left unchecked, the "Free Encyclopedia" transforms into a digital panopticon, where technical security protocols are repurposed for personal surveillance. This is not a theoretical concern; in the Brazilian project, the intersection of volunteer governance and national law has become a volatile frontier for digital rights.

This investigation explores how administrative tools, specifically the "CheckUser" function, are being used for "doxxing" and personal persecution. We examine cases where administrators move beyond editorial oversight into the realm of identity-based investigation. In specific disputes involving accounts such as "WazzimaGiygg" (Pedro Henrique Cardona Peres) and administrators like "Chronus," the shift from monitoring site edits to "unmasking" individuals represents a profound breach of trust. While community governance provides the day-to-day framework for the platform, the legal structures of the Brazilian state supersede internal policies when fundamental rights are violated.

2. The Brazilian Legal Shield: Marco Civil and LGPD

In the Brazilian digital landscape, the Marco Civil da Internet and the LGPD serve as the primary legal safeguards against data misuse. These laws ensure that digital platforms are not lawless enclaves, regardless of their internal guidelines or the perceived "sovereignty" of their administrators.

Statutory Protections for Users

The following legal principles constitute the baseline of protection for every contributor within Brazilian jurisdiction:

• Marco Civil da Internet (Law 12.965/2014): Known as the "Constitution of the Internet," it mandates that the storage and use of personal data must strictly respect the preservation of intimacy and private life.
• LGPD (Law 13.709/2018): The General Data Protection Law protects individuals against the inadequate processing of their data.
• Princípio da Finalidade (Principle of Purpose): Under the LGPD, any processing of personal data—including digital identifiers like IP addresses—must be conducted for specific, legitimate, and disclosed purposes.
• Preservation of Intimacy: Both laws reinforce that technical access does not grant a right to invade an individual's private sphere or conduct biographical cross-referencing.

Technical Usage vs. Identity Correlation

A critical violation occurs when administrators move beyond the Princípio da Finalidade. The table below illustrates where legitimate maintenance ends and illicit data processing begins:

Action Type	Description	Legal Status
Technical Usage	Using CheckUser tools to obtain an IP address strictly to prevent technical abuse (e.g., vandalism, sockpuppetry).	Legitimate / Permitted
Identity Correlation	Using administrative IP data to link a pseudonym to a real-world identity via social media searches without consent.	Violation of Purpose (Desvio de Finalidade)

When an administrator uses their position to initiate a "biographical investigation" between technical data and external social platforms, they transition from site security to illegal data processing, triggering civil liability for the individual and potentially the platform.

3. Digital Persecution: The Criminality of Online Stalking

The shift from monitoring "on-site edits" to investigating "who the person is in real life" transcends editorial disagreement; it enters the territory of criminal conduct. Since the introduction of Article 147-A to the Brazilian Penal Code in 2021, digital "investigations" of an individual can be legally classified as stalking.

The Case for Stalking (Art. 147-A)

Under the 2021 amendment, stalking is defined as pursuing someone repeatedly by any means—including digital—resulting in the invasion or disturbance of the individual’s sphere of liberty or privacy. In the case involving the user "WazzimaGiygg," the administrator "Chronus" allegedly engaged in persistent searches across external platforms to "unmask" a user who had chosen to operate under a pseudonym. This behavior—shifting from "what is being edited" to "who is editing"—qualifies as a criminal disturbance of the private sphere.

Investigative Checklist of Harassment

• [ ] Persistent searches across multiple platforms to expose a user's private sphere.
• [ ] Efforts to "unmask" a user who has chosen pseudonymity.
• [ ] Publicly connecting an anonymous account to real-life names, photos, or professional profiles without consent.

The "So What?" Factor: If an administrator commits a crime using platform tools, the Wikimedia Foundation (WMF) faces significant civil liability in Brazil. Shifting the focus to off-site identity creates a direct legal liability for the individual administrator, moving the conflict from an internal community dispute to a criminal matter regarding the victim’s honor and reputation.

4. The "CheckUser" Paradox: Tool Utility vs. Administrative Malpractice

The CheckUser tool is a strategic necessity for detecting "sockpuppets." However, its power creates a paradox: the same tool required for security is easily weaponized in personal disputes.

Legal Checklist for Challenging Administrative Misconduct

To challenge the misuse of these tools, the following four arguments (Desvio de Conduta) are essential:

1. Desvio de Finalidade (Deviation of Purpose): The tool is for technical data (IPs, Cookies). Using this as a starting point for social media "detective work" to link accounts like "WazzimaGiygg" to "Pedro Henrique Cardona Peres" is an action outside the tool's scope.
2. Doxxing and Outting: Wikipedia global policies forbid "outting." Attempting to identify a user who wishes to remain pseudonymous—especially when the administrator in question (e.g., "Chronus") demands privacy for their own real identity—is a grave violation of equity and conduct.
3. Right to be Forgotten and Data Minimization: Under LGPD, re-linking inactive accounts from months or years ago to a current user for the purpose of "exposure" or "punishment" is an abusive practice.
4. Impedimento (Conflict of Interest): Administrators must declare themselves "impeded" if they are involved in personal disputes. Using tools for "vengeance" (vindicatividade) is grounds for the immediate removal of privileges (desysop).

5. Institutional Accountability and Global Policy Overlap

Local decisions made by administrators do not exist in a vacuum; they are subject to the Wikimedia Foundation (WMF) global privacy standards, which often offer higher protection than local community consensus.

The "OSINT" Fallacy

Administrators frequently argue that "if the information is on the internet, it is not doxxing." This is a fundamental misunderstanding of WMF policy. Using non-public administrative data (CheckUser logs) to "confirm" external suspicions found on social media constitutes a violação da confiança da ferramenta (violation of the tool's trust). Using access data for any purpose other than protecting the project from technical harm is an explicit breach of global policy.

Pathways to Redress: The Institutional Vacuum

In the Brazilian project, the Comitê de Arbitragem (Arbitration Committee) is currently deactivated. This creates a dangerous lack of local oversight, making external and global intervention the only remaining options:

• Oversight (OS): Requesting the concealment of private information inappropriately exposed.
• Ombuds Commission: The only body capable of auditing CheckUser logs to determine if an administrator accessed private data out of vindicatividade (animosity) rather than legitimate need.

6. Conclusion: Reclaiming the Boundary Between Governance and Law

Digital administrators are not "above the law." This investigation reveals that the misuse of data tools for the purpose of doxxing represents a significant civil and criminal risk under Brazilian law. When an investigation shifts from protecting an encyclopedia to pursuing an individual's private identity, the boundary of legitimate governance has been crossed.

Strategic Takeaways for Challenging Overreach

1. Invoke LGPD Violations: Explicitly highlight the Desvio de Finalidade when technical tools are used for biographical research or social media cross-referencing.
2. Apply Stalking Statutes: Document persistent off-site identity searches as a criminal violation under Article 147-A of the Penal Code (2021).
3. Bypass Local Failure: Given the deactivation of the Comitê de Arbitragem, escalate directly to the Ombuds Commission to audit logs for evidence of personal animosity.
4. Denounce the OSINT Defense: Emphasize that using administrative data to confirm external suspicions is a violação da confiança da ferramenta, regardless of what is publicly available on the internet.

Maintaining the integrity of digital communities requires absolute transparency and strict legal compliance. Without these, the tools of protection inevitably become the tools of persecution.