Ben Brockert wrote:
YA-feature request: how about making it more private for the users? Instead of the utility taking one username and giving IP addresses, have it take two usernames and have it say whether or not they are the same IP? Or the same /24, to catch the dialup users. I don't think all sysops should have access to all user's IPs (I say that as a sysop, not as a tinfoil'd user), but I also think kicking sockpuppets should occur well before arbitration.
Unfortunately the situation is more complex than that. Many users are behind proxies, either mandated by their ISP or by choice. Occasionally two legitimate users may use the same public or school computer. Partial IP matches, such as someone using the same regional ISP, are very useful despite not being certain. Two users using regional ISPs from different regions is an excellent indication that they are not the same person. Dialup pools and DHCP pools for DSL users are usually larger than /24. If we could make a magic script that somehow compared two IP addresses and produced a percentage likelihood that they were the same person, then maybe we could avoid releasing IP addresses. But at present, allowing competent humans to compare hostnames and traceroutes, check for open ports, request whois information, visit ISP webpages, etc. is the only way to produce useful information.
-- Tim Starling