On Mon, Jun 16, 2008 at 9:20 AM, Gregory Maxwell <gmaxwell(a)gmail.com> wrote:
On Sun, Jun 15, 2008 at 6:55 PM, David Gerard
<dgerard(a)gmail.com> wrote:
2008/6/15 Gregory Maxwell
<gmaxwell(a)gmail.com>om>:
On Sun, Jun 15, 2008 at 10:31 AM, David Gerard
<dgerard(a)gmail.com> wrote:
> It's also entirely unclear how this proposal would actually cause a
> better encyclopedia, dictionary, media archive, quote database etc. to
> be written. You know, the stuff we're supposed to be here for. Project
> first, then community.
By this logic we should grant access to
Special:Checkuser to everyone.
No? Explain.
You originally claimed something was in need of fixing; support it.
I only asked why we give the equivalent checkuser on half our users to
the general public. So far only Anthony has provided a reasonable
explanation.
There is a much more obvious answer: nobody has written the code to do
otherwise. An IP is a fixed size which helps with storage, and the
properties of IP numbering and re-use are well-known, allowing people
to roughly guess when it is a different person on the same IP.
Any change to mediawiki to remove or obscure IPs needs to also give a
similar ability back to editors; we are human and we like to know how
many editors we are working with, even more so when editing behaviour
is suspicious.
To make you happy I'll go ahead and make an
argument for
fixing something:
I don't see any logical cause for the inconsistency in how we treat
registered and unregistered users. There is no particular reason is
has to be this way, it seems to be historical accident as Anthony
suggested. Instead we could publish the IPs of all edits, we could use
opaque identifiers for anons, or we could completely dissallow
anonymous editing. All of these would be consistent solutions.
It is very strange that we call IP edits "anonymous" yet they are
often more revealing than edits made when logged in.
The current inconsistent situation generates a lot of
problems:
Careful COI pushers are rewarded for being smart enough to log in
while at the same time normal users are harmed by accidentally getting
logged out and having their IP surprisingly leaked.
The edit histories of our articles are frequently sliced and diced to
hide the IPs of established contributors and this sometimes makes the
article history misleading. For example, see my edits on meta today (I
swear I didn't do that intentionally to make a point, I have no clue
how I ended up logged out) ... my IP edits couldn't be hidden without
making the history misleading due to the timing of Cimon's edits. ...
and the service of IP edit oversighting is generally only available to
the Wiki(p|m)edia elite, if for no other reason than few others know
it is available.
The oversight tool desperately needs finer granularity. If the IP is
the element that needs to be hidden, it shouldnt be necessary to
pretend that the edit didnt happen. Anyone know when the new
oversight tool is going to land?
https://bugzilla.wikimedia.org/show_bug.cgi?id=3576
Also, many people are not aware that oversight needs to be done before
the next dump in order to be useful. I often see admins removing six
months old IP talk contribs, for privacy reasons, and are a bit
surprised and annoyed when I show them the dumps.
Unregistered users account for roughly half of the
contributors on at
least one of the largest projects (EnWP). They make many valid and
useful contributions (along with a bunch of junk...). We often
mislead them about their privacy by calling their contributions
"anonymous" when they are far less anonymous than the edits made by
many registered users. Checkuser is by far one of the most highly
regulated activities on all the projects. We keep a very tight fist
over it. Yet, its equivalent is given freely over an enormous subset
of the contributors. This smacks of favoritism.
I think our behavior should probably be changed to remove the
inconsistency. By removing the inconsistency we will prevent
unpleasant surprises. I think the ability to *know* and *understand*
the privacy posture you have when editing Wikipedia is more important
than what the posture is, so I don't care which path to consistency is
taken.
I would presume that of the three I suggested most users would prefer
replacing IPs with unique identifiers. The primary harm this path
would cause is an increase in need for checkusers.
Rather than adding a layer on top of IP to hide the IP, it would be
less revealing to automatically assign each new IP session with a
cookie managed identifier, i.e. "Guest1234" (or a long random string
that does not repeat, such as a GUID ) and then allow the user to
rename this "guest account" when they finally learn how to. Also when
a user has accidentally logged out, when they log back in from a guest
account to their main account, the system could allow the user to
merge those guest edit into their main account.
--
John