With hashing, a given IP would always give the same hash. So this
uniqueness property would remain for people with stable IPs.
On Fri, Jul 11, 2014 at 10:55 AM, Risker <risker.wp(a)gmail.com> wrote:
This is one of those perennial proposals that never
quite seems to take
off; I can remember having some version of this discussion back in 2008,
and I know that some of our earliest edits show a partially obscured IP
address, not the whole thing. It might require Brion or Tim or someone else
of that length of experience to explain the original thinking.
Some of the "pros" of keeping the IP address as the "username" for
unregistered users:
- Even in this day and age, there are plenty of people with stable IPs;
they choose to edit as unregistered users for philosophical reasons, and
their IP's edit history is essentially their own editing history
- Especially on smaller projects (but also big ones), range blocks are
usually calculated and applied by administrators, not
checkusers/stewards.
Some of the "cons" of publishing the IP address as the username:
- Privacy - IPv6 addresses in particular are including more and more
very specific information that could be used to link RealLife Name with
the
edits. (My own ISP now gives enough information in many cases to narrow
geolocation down to a one-block radius - a big change from 2 years ago
when
geolocation was about an 800 mile radius.)
- Privacy - more and more jurisdictions consider a person's IP address
to be "private" information. Our page histories could be considered one
gigantic privacy violation.
- Increasingly dynamic IP addresses, often rotating within very large
ranges that no longer link with any certainty to geolocation
- Freaked out new users who didn't really get that their IP address was
going to be very publicly displayed.
I'm pretty sure there are a whole pile more pros and cons that we can pull
out of the archives from various mailing lists, and I know that there have
periodically been discussions amongst developers and the rest of the
engineering team to try to come up with a "better way" - but like many
other interesting, good and even potentially necessary ideas, it's never
made it to the top of the priority heap.
Putting on my checkuser hat for just a minute...it's essential information
for having any chance at all of identifying multiple accounts or pattern
editing; however, the tables used by checkusers are non-public so
Checkusers continuing to have access to IP data should not be an issue.
Risker/Anne
On 11 July 2014 10:25, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
I agree that it’s a double standard, but looking
at the bright side, it
becomes a big encouragement to anonymous users to register and log in.
The
Account Creation Experience Team (or whoever the
hell is in charge of
that)
can correct me, but I would imagine that we would
see a big drop in
registered accounts if IPs were hashed.
Also, it’d be really annoying to have hashes as usernames, so we’d have
to
think of an alternative scheme that makes things
more readable.
--
Tyler Romeo
0x405D34A7C86B42DF
From: Gilles Dubuc <gilles(a)wikimedia.org>
Reply: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>>
Date: July 11, 2014 at 9:34:18
To: Wikimedia developers <wikitech-l(a)lists.wikimedia.org>>
Subject: [Wikitech-l] Anonymous editors & IP addresses
This interesting bot showed up on hackernews today:
https://news.ycombinator.com/item?id=8018284
While in this instance the access to anonymous' editors IP addresses is
definitely useful in terms of identifying edits with probable conflict of
interest, it makes me wonder what the history is behind the fact that
anonymous editors are identified by their IP addresses on WMF-hosted
wikis.
IP addresses are closely guarded for registered users, why wouldn't
anonymous users be identified by a hash of their IP address in order to
protect their privacy as well? The exact same functionality of being able
to see all edits by a given anonymous IP would still exist, the IP itself
just wouldn't be publicly available, protected with the same access
rights
as registered users'.
The "use case" that makes me think of that is someone living in a
totalitarian regime making a sensitive edit and forgetting that they're
logged out. Or just being unaware that being anonymous on the wiki
doesn't
mean that their local authorities can figure out
who they are based on IP
address and time. Understanding that they're somewhat protected when
logged
in and not when logged out requires a certain
level of technical
understanding. The easy way out of this argument is to state that these
users should be using Tor or something similar. But I still wonder why we
have this double standard of protecting registered users' privacy in
regards to IP addresses and not applying the same for anonymous users,
when
simple hashing would do the job.
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l