zero 0000 wrote:
--- Tim Starling <ts4294967296(a)hotmail.com>
wrote:
Anonymous proxies are
regularly used for vandalism, and once we block one, the vandal just
moves to another one. On meta recently we've had a bot operating to
vandalise tens of articles, via an anonymous proxy.
Would there be any objections to systematically blocking all
anonymous proxies on a site-wide basis?
I would object to it being done without a study to determine how many
genuine editors use anonymizers. There are quite legitimate possible
reasons. One is an editor who writes in Wikipedia from work but
doesn't want his/her employer's IP to be associated with it. Another
is someone who wants to be anonymous on Wikipedia but has a fixed IP
address that uniquely identifies him/her.
An editor who wants to obscure their IP address can always use a transparent
proxy. If the user accidentally (or by choice) edits when logged out, the
address displayed publicly will be the address of the proxy. However, a
sufficiently motivated developer could capture the "forwarded for" header
and determine the actual address, thereby thwarting any vandalism.
Developers already have a policy of not giving out IP addresses without a
very good reason.
Perhaps a tutorial on transparent proxies would be helpful, if people want
to do this.
I have no sympathy whatsoever for people who want to write exposes about
their employers, of the kind that the employers would want to follow up with
a subpoena for logs. Wikipedia is not the place for original research or
unverifiable insider information.
We should not ban this
practice unless we have a global policy that anonymity is forbidden.
There are varying degrees of anonymity. The kind of anonymity which holds up
under legal requests or vandalism prevention actions by developers should be
forbidden. The costs are far too high, and easily outweigh the negligible
benefits. However, we should continue to allow people to keep their IP
addresses hidden from the general public.
That's not to say that I don't sympathize with the problem you
describe. On the other hand, how much of this problem would
exist if it wasn't for the practice of allowing people to edit
articles without logging in? Every time this matter is raised there
are screams about the sky falling in, but I have yet to see a single
convincing reason why we can't restrict editing to logged-in users.
Sunir Shah has suggested a method for making it blindingly obvious that a
user is about to edit anonymously. Specifically, if the user is logged out,
a username/password box is shown on the edit page. I made a mockup of this
for demostration purposes, at:
http://www.ph.unimelb.edu.au/~tstarling/EditPage_with_login.html
-- Tim Starling