On Mon, Jun 16, 2008 at 1:21 AM, John Vandenberg <jayvdb(a)gmail.com> wrote:
There is a much more obvious answer: nobody has
written the code to do
otherwise. An IP is a fixed size which helps with storage, and the
properties of IP numbering and re-use are well-known, allowing people
to roughly guess when it is a different person on the same IP.
Any change to mediawiki to remove or obscure IPs needs to also give a
similar ability back to editors; we are human and we like to know how
many editors we are working with, even more so when editing behaviour
is suspicious.
It would be nearly trivial to feed the IP through a 32bit block
cipher, convert that to base 36 (or just an integer), and use that as
the user_text. I'm pretty confident that a reasonably clean solution
wouldn't be hard. ::shrugs:: But does anyone anywhere want that
behavior in mediawiki?
It is very strange that we call IP edits
"anonymous" yet they are
often more revealing than edits made when logged in.
Indeed.
The oversight tool desperately needs finer
granularity. If the IP is
the element that needs to be hidden, it shouldnt be necessary to
pretend that the edit didnt happen. Anyone know when the new
oversight tool is going to land?
https://bugzilla.wikimedia.org/show_bug.cgi?id=3576
note my comment at the bottom of that ticket. :)
Also, many people are not aware that oversight needs
to be done before
the next dump in order to be useful. I often see admins removing six
months old IP talk contribs, for privacy reasons, and are a bit
surprised and annoyed when I show them the dumps.
People are also surprised when deletion fails to successfully hide information.
Considering how trivial it is to run a script that saves every change
as it is made.. all we can really hope to do is minimize the bleeding.
Rather than adding a layer on top of IP to hide the
IP, it would be
less revealing to automatically assign each new IP session with a
cookie managed identifier, i.e. "Guest1234" (or a long random string
that does not repeat, such as a GUID ) and then allow the user to
rename this "guest account" when they finally learn how to. Also when
a user has accidentally logged out, when they log back in from a guest
account to their main account, the system could allow the user to
merge those guest edit into their main account.
It would be less revealing but it would greatly amplify the ability to
hide because it would be far more anonymous. Depending on the
implementation it could be used as a force multiplier with a single
user on a single IP churning out dozens of guest ids by flushing their
cookies.
Obscuring the IP would convert the IPs into effective pseudonymous
names, similar to real account names. The above would create something
much closer to actual anonymous edits. I doubt most Wikimedia Wikis
would support a proposal like that. (though, personally, I suspect
life would go on if it were done).