On 30/03/15 09:25, Brian wrote:
I suspect this challenge will be very easy for anyone
who is determined.
Indeed, even if MediaWiki no longer displayed IP addresses, there would
still be enough information to identify people. Completely getting rid of
the edit history would largely solve the problem.
So... what do you actually want? I am having trouble working out how
many layers of sarcasm to strip back here to find your actual point.
There are alternatives to publishing IP addresses that we have
discussed before, for example automatically creating a user account
with a random name and associating it with a persistent cookie. The
user could set a password or just abandon the account by letting the
cookie expire. CheckUser would still provide access to IP addresses. I
would support such a change. I have no idea whether you would.
After reading this post and your posts on wikien-l, here are my
theories on what your non-sarcastic beliefs may be:
1. That we shouldn't store or use IP addresses at all, and that
identification for abuse prevention should be done by some kind of
unspecified cryptographic magic.
2. That disclosure and storage of IP addresses should be limited in
some pragmatic way to reduce the risk of identification by
cross-correlation in the manner you suggest in your $2.50 "prize".
3. That Wikimedia's suit against the NSA is hypocritical and that both
Wikimedia and the NSA have legitimate needs for data collection.
Feel free to narrow it down for me.
-- Tim Starling