[Wikimedia-l] Update on IPv6

Wed Jun 13 18:37:03 UTC 2012

On Wed, Jun 13, 2012 at 2:29 PM, Brandon Harris <bharris at wikimedia.org>wrote:

>
> On Jun 13, 2012, at 11:21 AM, Risker wrote:
>
> > I believe that FT2 is saying that we should seriously consider masking
> the
> > *publicly viewable* IPv6 addresses.  The only reason that we publish the
> IP
> > addresses of any logged-out user is for attribution purposes, although
> some
> > use it for other reasons (both positive and nefarious).  Quite honestly,
> it
> > doesn't matter what information is put in place in the publicly viewable
> > logs, provided it's consistent.
>
>
>         A couple of weeks ago, Brion Vibber and I started walking through
> a series of thoughts about eliminating publicly viewable IP addresses
> altogether, creating "Proto Accounts".  That is, to completely anonymize
> anonymous users (by calling them "Anonymous XXXXXX") and at the same time
> creating system whereby Anonymous users might be encouraged to become
> registered users (and retain the edits they did anonymously).
>
>        This would work by "back-loading" the account creation process:
>
>                1) User makes anonymous edit (as "Anonymous 1234").  Edit
> is logged as "Anonymous 1234").
>                2) User is given call-to-action to convert to a registered
> account.
>                3) User fills out account form (username, password, email)
> (let's call them "AwesomeSauce89")
>                4) Proto account gets renamed to "AwesomeSauce89"; the
> edits that were under "Anonymous 1234" are now listed as being by
> "AwesomeSauce89"
>
>        I also spoke with Tim Starling about this in Berlin and he agreed
> that it was a good idea.  However, this would be no small feat.  A big part
> of the problems involved in this type of anonymizing involve how we deal
> with range blocks.
>
>        Would this be something people might like to see happen?
>
>
>
In my view, no. I think we need to balance the "risk" argument for
anonymity (dissidents, whistleblowers, people editing topics they wouldn't
want to be publicly associated with, etc.) with the benefits of partial
anonymity. Among these benefits I'd cite the many news items regarding the
discovery of fishy editing patterns from Congressional offices, corporate
offices, government agencies, political candidates, etc.  We're an
organization with competing aims: we'd like to be as transparent as
possible, and by and large believe in the value of radical transparency,
but we also want to protect our users from undue harm. I think we can
maintain that balance by having a very stable and predictable approach to
privacy, and by being abundantly clear with our disclosures and user
education with respect to privacy. The above approach wipes out any
transparency in favor of complete privacy, without (to my mind)
establishing the particular benefits of that outcome.

~Nathan