Ivan Krstic <krstic <at> fas.harvard.edu> writes:
Eric wrote:
Jumble up again
add something again
---
And now you have a nonsense IP that's almost impossible to crack.
No. You have a nonsense IP that anyone with the slightest determination
can reverse-engineer. As I previously mentioned, you have two ways of
ensuring strong anonymity. You can hide the IP completely from visitors,
and just allow the admins to see it, or you can use an asymmetric cipher
with a site-wide password. The latter option has the advantage that you
can salt with another known property of the edit - say, timestamp - to
get a new per-edit identifier for the same IP each time, avoiding the
problem with Brent's solution.
While it may well be enough for the level of anonymity you're striving
for, claiming that your makeshift cryptographic hand-waving is "almost
impossible to crack" is, at the very least, ignorant.
-IK
You're probably right about the possibility of cracking the makeshift jumbling I
suggested earlier, and the fixed salt MD5 seems a better option of assigning a
unique number to each IP.
Your two ideas are good for anonymity; however, easily dealing with vandalism is
an equally important aim I can't afford to compromise with. If the IPs are
hidden, people would not be able to click on that unique number and see all the
edits by that certain number/IP. If the IPs are encrypted uniquely with
different salt each time, that too will disable people from checking the
vandalist acts made by the same IP. So one thing is clear: We need a unique
number for each IP. The chance of someone having the same IP as another person
is very small so that doesn't matter. The asymmetric cypher you and others
suggested seems the best choice. Interestingly the anonymous edit tracking works
if the output 'code' (IP) starts with a number. If it starts with a letter (like
f7564ghfdd), it doesn't work. That problem is solved by adding a constant number
to each anonymous code (like 5f7564...).
Anonymity means that ideally, not even Admins should see the real IP so the real
IP should not be stored in the database even if MyPhPadmin is the only way to
access it.
Dealing with vandalism is the remaining issue:
The site will be controversial so there will be lots of vandals. Removing
anonymous editing is an option but I want to see how it goes before I'm forced to
remove anonymous editing.
I don't believe Wiki is equipped to deal with vandals easily. Looking at the case
of a vandal who does 50 edits in a single day and how WIKI itself advises to
deal with it:
- Click on all the rollback links
So we'd have to click 50 times on all the rollback links. Think about dealing
with this daily.
Since same IPs can be used by others, WIKI should add a certain unique random
number that makes that IP and that machine unique. Something that could come
from creating a cookie in that machine. So you'd have 111.111.111.111.PC_ABR34.
PC_ABR34 identifies that certain PC so if another person is using another PC
with the same IP, they'll get a different number. The aim is to differentiate 2
people using the same IP and thus differentiate the vandal from the good guy.
With that in place, there should be a way to reject all the changes of a single
IP/PC with a few sysop clicks.
Also, there should be protection from bots which copy paste the same text in the
mass vandalism they do. Detection should be there to catch the same text being
posted in different pages from the same IP and block or at least postpone
suspicious edits until someone approves it. Flood limits should be set between
edits so we can reduce the number of spam vandal edits. Automatic Alert pages
should be present for anonymous edits, particularly high volume edits from the
same IP.
So I think that WIKI is not well equipped to deal with anonymous vandalism. It
works for most of the information WIKI has which is neutral, but this is a big
problem for controversial topics where vandals are bound to be more. Removing
anonymous editing has the disadvantage you know of already.
There definitely has to be a way of dealing with anonymous vandalism more
efficiently and quickly.
I'm glad the unique salt/code works, so I do have a way to ban a single IP but
dealing with the vandalism is the next big problem.
Eric
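
The trade-off discussed in this thread, as an added example that is not code from either poster or from MediaWiki: a fixed-salt MD5 token is recovered by enumerating addresses once the salt is known, while a keyed hash gives either a stable per-IP identifier (edits stay linkable for vandalism handling) or a per-edit one (unlinkable). Assumptions: HMAC-SHA256 stands in for the keyed function with a site-wide secret, and all names, the key, the salt and the sample addresses are constructed.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for illustration only.
SITE_KEY = b"constructed-site-wide-secret"  # assumption: stored outside the wiki database
KNOWN_SALT = b"fixed-salt"                  # assumption: a salt an outsider has learned


def md5_fixed_salt(ip: str) -> str:
    """Fixed-salt MD5 token for an IP, as proposed in the thread."""
    return hashlib.md5(KNOWN_SALT + ip.encode()).hexdigest()


def recover_from_md5(token: str, network: str):
    """Enumerate a network and return the address whose token matches.

    Shows why a known salt gives no anonymity: the IPv4 input space is small.
    """
    for addr in ipaddress.ip_network(network):
        if md5_fixed_salt(str(addr)) == token:
            return str(addr)
    return None


def stable_pseudonym(ip: str, key: bytes = SITE_KEY) -> str:
    """Same IP and key always give the same identifier, so edits can be grouped."""
    digest = hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]
    return "5" + digest  # leading digit, the workaround mentioned in the thread


def per_edit_pseudonym(ip: str, timestamp: str, key: bytes = SITE_KEY) -> str:
    """Mixing in the edit timestamp gives a fresh identifier for every edit."""
    msg = f"{ip}|{timestamp}".encode()
    return "5" + hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


if __name__ == "__main__":
    ip = "203.0.113.77"  # documentation-range address, constructed
    print("md5 token recovered as:", recover_from_md5(md5_fixed_salt(ip), "203.0.113.0/24"))
    print("stable:", stable_pseudonym(ip), stable_pseudonym(ip))
    print("per-edit:", per_edit_pseudonym(ip, "20050101120000"),
          per_edit_pseudonym(ip, "20050101120500"))
```

Without the site key the stable identifier cannot be checked against candidate addresses, so the anonymity of every past edit depends on keeping that key out of the database and backups.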