On Wed, 10 Mar 2004, Erik Moeller wrote:
This would address several current problems and have several advantages.
- Having users' IP numbers published all over the place is a quite
serious privacy violation. It would be trivial to scan recent changes for hosts with open ports and security vulnerabilities. Furthermore, it reveals geographic information about anonymous editors which they may want to keep private (such information can be very specific, depending on the ISP).
If people want to hide their IP address they can do so by logging in, all your system would do is force users to login (even if it is under an assigned name). Also IP address are useful in identifying specific vandals with dynamic IPs and also in copyvio/NPOV discussion where the users contribution may relate to their IP address (for example a company IP editing an article about that compant.).
- "They will just delete the cookie and edit away." Yes, some users will
do that. For these users, we should retain the ability to block by IP (without revealing that IP address to sysops). However, doing so requires an understanding of how the blocking mechanism works, which most users don't have.
That kind of vandal isn't really a serious problem we spend more time dealing with persistent vandal with some basic skills then we do with casual vandals.
While I don't disagree that cookies can be used to better deal with vandalism, I don't see why they should replace the current methods. I think the best solution would be a hybrid one allowing for a user to be blocked either on the basis of IP or of cookie.
Incidently on the proxy issue, one way we could identify users who use proxies is to deliver a graphic via ftp or https, as most web browsers will simply bypass the proxy and download the image directly giving away their IP address.
Imran