On Thu, Nov 17, 2016 at 11:09 PM, Gergo Tisza gtisza@wikimedia.org wrote:
the ability to claim recent anonymous edits when you register.
Here, here. I'm sure my IP address is lying around in lots of places in the wikidump because I forgot to log in or my cookie expired and I never noticed. Automating the task of claiming those edits once you log in would go far toward preventing accidental IP exposure.
I might also suggest thinking of this in terms of architectural change. We have been too casual about IP information inside mediawiki. What if we took as a first step factoring out all IP-related code from the core db and pushing it into a separate db. So instead of "IP edits" we have some sort of automatically-generated pseudonym *but also recorded the IP address associated with this pseudonym in a separate database* -- perhaps this function is actually in an extension, not in core mediawiki. Now we preserve all our abilities to track down sock puppets or do IP blocks, but at the cost of one indirection.
We can then take steps to further protect/limit/purge this IP address database independent of the core mediawiki database, and we don't have "hidden gotchas" in the core code because the core code doesn't manipulate IPs any more. And folks who do routine tasks like processing archive dumps of the core db don't stumble across IPs. --scott