On Thu, 2003-04-03 at 09:51, Jimmy Wales wrote:
Well, I side generally with those who say that we should respect anonymity. But I also still say that allowing sysops to access signed-in-users ip numbers for the purpose of stopping logged-in-vandal-attacks is not a significant compromise of anyone's anonymity.
I have no firm objection to allowing sysops to see users' ips, but I see limited benefit in it and it's not on my list of priorities. If someone else wants to code it up, they're welcome to do so.
But do remember that that's one more magic sysop power for the cabal. I don't like widening the gap like that, even if it is free to join.
People seem to have a wrong idea of how much information an ip number contains. Usually, very little. An ip number gets you as far as an ISP, no further. There may be rare exceptions, but in the main, knowing an ip number doesn't tell you very much that's personally identifiable about a person.
Well, it's rare that an IP will resolve to something as detailed as Joe.Blow.At.34.Sycamore.Street.Idylville.city.CA.US. ;) However IPs that belong to a small school, company, or local ISP can give more localizing information with just a reverse DNS lookup than many people might be comfortable with handing out.
And of course, if _everybody_ shows IP addresses left and right, you're opening up possibilities for cross-referencing and profile-building, which is where the privacy advocates will really start freaking out.
If Joe Blow posts an article under a pseudonym on Wikipedia that's critical of his employer / repressive government, then posts a boring everyday message on some bulletin board under his real name, and the two can be connected by a publicly visible IP address... Goodbye, Joe!
I'm not saying we should shred all records after 24 hours and encrypt our hard drives. ;) But we should pay attention to how our behavior fits into a larger context. If our policy is that sysophood is what everyone should have, but you have to show good faith and ask for it, then allowing sysops to view IP addresses of logged-in users is very nearly equivalent to posting them in public view.
The reason we show IP addresses for "anonymous" edits is in my view not to track and ban vandals. It's just to tack the only identifying information we have available onto edits as an attribution. If that helps to stop vandalism, well that's helpful too.
We should respect anonymity, but we should also recognize that there are a lot of myths about anonymity. Just think how many people refuse to log in because they want to remain anonymous. They don't really get it, I think.
Yes, that's counterproductive. :)
-- brion vibber (brion @ pobox.com)