On Wed, Jun 13, 2012 at 1:36 PM, FT2 ft2.wiki@gmail.com wrote:
IPv6 is designed to operate on a "one IP = one device/connection" (non-NAT) basis, far more than IPv4. Privacy policy coversd "personally identifiable information". An IP becomes personally identifying when it broadly allows a person to be identified. If IPv4 can be "personally identifying" then IPv6 is guaranteed to be more so, because of its design and intended usage.
It looks like the switch to making the "UserID on public record" more anonymous for non-logged in users (hashing their IP for example) could usefully be brought in, simultaneous with or parallel to IPv6. As Erik says, both are desirable verging on necessary at some point, and the one mitigates against the issues of the other.
It serves a second purpose - a good system providing a more anonymous "UserID of public record" would also mean that IPv4 and IPv6 users would have similar "names" in the public record and block lists, meaning that the same tools and interfaces would work equally with both. This would simplify matters for future as well.
Without second guessing a suitable method, I would like to see unlogged-in users represented by a "name" of the form "IP user XXXXXXX" or "Not logged in YYYYY" or some such; there would be difficulties in that we want similar IPs to look similar without providing easy ways to identify the genuine underlying IP (eg by noticing other similar XXXX's whose IPs are known). It's also going to have implications for vandalism and abuse related activities, where it is often helpful that action is easily identified as a similar IP. It would be nice not to lose that sense of "similar IP" while not exposing the genuine IP.
Choice of method is a technical matter, I'd suggest if we move on both, then hopefully IPv6 will mark a step where anonymity improves and is available to logged in and not logged in users. But either way, IPv6 does have privacy implications for non-logged in users. IPv4 did too, but historically we let it alone and it was less severe. With IPv6 it may not be, and action would be much more important.
FT2
Why is "improving anonymity" a goal? Our privacy policy governs the disclosure of non-public information, but the IP addresses of editors without an account have always been effectively public. Are IP editors clamoring for more privacy? Is masking IPv6 addresses more important than the uses to which IP addresses are currently put? Is masking a better way to solve the problem of potentially more identifiable information in IPv6 than, say, a more prominent disclosure and disclaimer? Would masking the IP addresses only for logged-out users be a worthwhile change, given the ease of registering an account? Would they remain masked in the histories of project dumps? There are a lot of questions to answer here before it's reasonable to start suggesting changes be made, and these are only some.