zero 0000 wrote:
--- Tim Starling ts4294967296@hotmail.com
wrote:
Anonymous proxies are regularly used for vandalism, and once we block one, the vandal just moves to another one. On meta recently we've had a bot operating to vandalise tens of articles, via an anonymous proxy.
Would there be any objections to systematically blocking all anonymous proxies on a site-wide basis?
I would object to it being done without a study to determine how many genuine editors use anonymizers. There are quite legitimate possible reasons. One is an editor who writes in Wikipedia from work but doesn't want his/her employer's IP to be associated with it. Another is someone who wants to be anonymous on Wikipedia but has a fixed IP address that uniquely identifies him/her.
An editor who wants to obscure their IP address can always use a transparent proxy. If the user accidentally (or by choice) edits when logged out, the address displayed publicly will be the address of the proxy. However, a sufficiently motivated developer could capture the "forwarded for" header and determine the actual address, thereby thwarting any vandalism. Developers already have a policy of not giving out IP addresses without a very good reason.
Perhaps a tutorial on transparent proxies would be helpful, if people want to do this.
I have no sympathy whatsoever for people who want to write exposes about their employers, of the kind that the employers would want to follow up with a subpoena for logs. Wikipedia is not the place for original research or unverifiable insider information.
We should not ban this practice unless we have a global policy that anonymity is forbidden.
There are varying degrees of anonymity. The kind of anonymity which holds up under legal requests or vandalism prevention actions by developers should be forbidden. The costs are far too high, and easily outweigh the negligible benefits. However, we should continue to allow people to keep their IP addresses hidden from the general public.
That's not to say that I don't sympathize with the problem you describe. On the other hand, how much of this problem would exist if it wasn't for the practice of allowing people to edit articles without logging in? Every time this matter is raised there are screams about the sky falling in, but I have yet to see a single convincing reason why we can't restrict editing to logged-in users.
Sunir Shah has suggested a method for making it blindingly obvious that a user is about to edit anonymously. Specifically, if the user is logged out, a username/password box is shown on the edit page. I made a mockup of this for demostration purposes, at:
http://www.ph.unimelb.edu.au/~tstarling/EditPage_with_login.html
-- Tim Starling