IPv6 is designed to operate on a "one IP = one device/connection" (non-NAT) basis, far more than IPv4. Privacy policy coversd "personally identifiable information". An IP becomes personally identifying when it broadly allows a person to be identified. If IPv4 can be "personally identifying" then IPv6 is guaranteed to be more so, because of its design and intended usage.
It looks like the switch to making the "UserID on public record" more anonymous for non-logged in users (hashing their IP for example) could usefully be brought in, simultaneous with or parallel to IPv6. As Erik says, both are desirable verging on necessary at some point, and the one mitigates against the issues of the other.
It serves a second purpose - a good system providing a more anonymous "UserID of public record" would also mean that IPv4 and IPv6 users would have similar "names" in the public record and block lists, meaning that the same tools and interfaces would work equally with both. This would simplify matters for future as well.
Without second guessing a suitable method, I would like to see unlogged-in users represented by a "name" of the form "IP user XXXXXXX" or "Not logged in YYYYY" or some such; there would be difficulties in that we want similar IPs to look similar without providing easy ways to identify the genuine underlying IP (eg by noticing other similar XXXX's whose IPs are known). It's also going to have implications for vandalism and abuse related activities, where it is often helpful that action is easily identified as a similar IP. It would be nice not to lose that sense of "similar IP" while not exposing the genuine IP.
Choice of method is a technical matter, I'd suggest if we move on both, then hopefully IPv6 will mark a step where anonymity improves and is available to logged in and not logged in users. But either way, IPv6 does have privacy implications for non-logged in users. IPv4 did too, but historically we let it alone and it was less severe. With IPv6 it may not be, and action would be much more important.
FT2
On Wed, Jun 13, 2012 at 4:34 PM, Deryck Chan deryckchan@wikimedia.hkwrote:
On a separate note about IPv6: I just saw the first IPv6 anon entry appearing on my watchlist. It's exciting! Deryck
On 13 June 2012 13:43, Anthony wikimail@inbox.org wrote:
On Tue, Jun 12, 2012 at 6:39 PM, Kim Bruning kim@bruning.xs4all.nl wrote:
I noticed that my current IPv6 address appears to be assigned dynamically by XS4ALL. I can probably get static if I choose it. But
the
dynamic assignment option does alleviate some people's privacy concerns, right?
One particular concern, which isn't really much different from IPv4.
And in something like 90% of browser configurations, you're already giving out a semi-static unique string with every request anyway. (see https://panopticlick.eff.org/)
The bigger concern for WMF is the possibility for increased privacy.
ps. We all know that everyone needs to switch to IPv6 eventually.
Unless IPv7 or IPv8 comes out first.
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l