We should set permanent cookies on every pageview except saves, require
cookies for saving pages, assign random account names (anon2349bx29s) to
anonymous editors, and use cookies to block most users.
We should do away with IP numbers in page histories, recent changes etc.
completely.
We should retain the ability to block by IP in emergencies.
This would address several current problems and have several advantages.
1) Having users' IP numbers published all over the place is a quite
serious privacy violation. It would be trivial to scan recent changes for
hosts with open ports and security vulnerabilities. Furthermore, it
reveals geographic information about anonymous editors which they may want
to keep private (such information can be very specific, depending on the
ISP).
2) Banning anonymous users by IP affects anyone who also uses the same IP.
In case of proxies, this may be thousands of individuals. If the first
message we send a new user - because they share a vandal IP - is "You are
banned from editing for serious vandalism", that user is unlikely to
become a regular contributor. Even regulars are frequently pissed off
because they accidentally get blocked.
3) Banning users by IP is also ineffective, as for most users, it is
trivial to get a new dynamic IP address.
4) For repeat vandals, we can set a very high or unlimited expiry without
fear of blocking someone else.
5) Requiring cookies even for anons allows them to change their user
preferences even without creating an account.
6) We can more easily attribute edits to users and easily change anon
edits over to real accounts when people decide to create an account. This
may also address some copyright issues.
Now, regarding some possible criticisms:
1) "They will just delete the cookie and edit away." Yes, some users will
do that. For these users, we should retain the ability to block by IP
(without revealing that IP address to sysops). However, doing so requires
an understanding of how the blocking mechanism works, which most users
don't have. They will have to know how to *remove* cookies, not just
disable them. The user will have to keep deleting the cookie every time it
is re-blocked. And sysops don't have to be hesitant about blocking them,
because no other users can be affected by it. So we can in fact make this
a single-click operation, making it costly for the average user, and cheap
for us.
2) "I have cookies disabled for privacy reasons!" Then you can't be
editing Wikipedia non-anonymously. We already require cookies for signed
in users. Most modern browsers allow enabling cookies on a case-by-case
basis. If a user tries to edit a page without having cookies enabled, we
will let them know that they need to enable them. If you are concerned
about privacy, you should be more concerned about having IP addresses
publicized everywhere, even stored permanently in the page history.
3) "This won't help us to deal with the most egregious vandals." Maybe,
maybe not. A vandal using a script would have to do the same thing as a
malicious user -- get a fresh cookie from a regular pageview, use that
cookie to submit an edit, then discard the cookie. This isn't hard to do,
but I doubt the average kiddie will be able to figure it out. On the other
hand, we can build more extreme anti-vandalism measures on top of this,
like disabling edits by any completely new contributor (= not setting any
new cookies) for a few hours.
All in all, I think this would greatly reduce the time spent on fighting
vandalism, and allow us to focus on more important matters, like creating
an encyclopedia.
Regards,
Erik