The check user special page is used by administrators investigating certain forms of abuse. It can be particularly useful when a user is suspected of editing using multiple accounts illegitimately.
All uses of the check user facility are logged as they involve accessing potentially sensitive information. You should always state the reason for your request on the "check user" form. The form then provides a number of options:
- You can give a username and click on "Get IPs". This will give a list of all the IPs used by the specified user in the time covered by the "Recent changes" log. Each IP will be a link. Clicking on one of these links will return you to the "check user" form with that IP filled in. It may be useful to open up each of these links in a separate window.
- You can give an IP address and click on "Get edits". This will give a list of all the edits made from that IP address regardless of whether or not the user was logged on.
- You can give an IP address and click on "Get users". This will give a list of all users who have edited from that IP address. For each user, links are given to their user and talk pages, and their list of contributions. You can also see the date and time of their first and last contributions.
Note that you can check an IP range between /16 and /24 using CIDR format.
Multiple users on a single IP address does not prove that they are sock puppets. They may be users from a single school, university or employer. It is not unusual for such users to appear to share an IP address.
Equally, users using different IP addresses does not prove that they are not sock puppets. Some ISPs allocate IP addresses dynamically, so users may get a new IP address from time to time. AOL are the worst, giving a different IP address for each page request.
However, whilst "check user" does not give proof, it may provide additional evidence to supplement suspicions raised by editing patterns. It also gives information that you can use with tools such as whois, traceroute and nslookup to determine the location of the user. It would be highly suspicious if several users claimed to be from different locations but evidence from "check user" showed that they are all from the same location.