koyaanis qatsi wrote:
Oh, it's not hypothetical at all; they'll even "detain" (or, more properly, "disappear" [and q.v. Argentinian history for those not understanding that term]) people for something as innocuous as contributing to certain charities. It happened recently with an Intel employee.
All the more reason that we should not give people the impression of anonymity when their IP addresses are, in fact, being logged by us indefinitely.
I'd argue that now is the time to be proactive, while it's still legal. I think it woul be great to encrypt *all* IP addresses in the database, and to *chronjob scrap server logs every 24 hours.
Despite what I've said in other posts, I actually agree with you. But this is a significant undertaking, to consistently attempt to provide secure anonymity for our contributors. I will support it ... ... BUT, until it's done, we should make IP addresses visible and make it clear on the every edit page that contributions are NOT anonymous yet.
IOW, you're proposing to change the reality, and that's fine with me. But I am proposing to insist that reality match appearances. Indeed, regardless of whether IPs are encrypted in the database, whatever's in the database should be shown publicly. If that's an encrypted ID, great -- we have anonymity. If that's not encrypted, then people realise that they're not anonymous. The fundamental principle to avoid fooling people -- which is actually a basic wiki principle in general -- is to make the information in the database publicly available. Then if we want to provide anonymity -- and it is a good idea -- then the only way to give even the *appearance* of anonymity is to actually provide anonymity in *reality* -- by encrypting IPs before putting them into the database, as you suggested.
-- Toby