Ivan Krstic <krstic <at> fas.harvard.edu> wrote:
You can hide the IP completely from visitors,
and just allow the admins to see it, or you can use an asymmetric cipher
with a site-wide password. The latter option has the advantage that you
can salt with another known property of the edit - say, timestamp - to
get a new per-edit identifier for the same IP each time, avoiding the
problem with Brent's solution.
I'm not sure you understand the problem we're trying to deal with here.
The idea is to make sure edits by the same person are connected
somehow. Even as a non-admin, when I revert some vandal's work, I
need to be able to see what else that person has done, so I can figure
out if he's vandalized any other pages. I need to know that it's one
person who keeps editing the same text into the page, not three. What
I *don't* need is enough information to hack the person's computer or
figure out if he's a political dissident in my own country. Hence, I
don't need the IP, but I need *something* that's constant for that
person.
If every edit will get a different "anonymous identity" (so to speak),
we might as well just list "Anonymous" as the editor.
Also, some people have asked why even sysops need access to IP
addresses. The reason is that they need to be able to block entire
subnets occasionally, and to do that they need to know the IP.
Brent,
Thanks for putting it nicely!
MD5 hash is good for showing a consistent unique number but its now allowing me
to ban. It says "user doesnt exist" when I try to ban that hash.
I would greatly appreciate if you allow me to contact you and seek your help in
this as you are going to do the same thing I need too: Show an anonymous IP,
only admin sees the real IP and ban the blocks if people are being consistent
vandals, etc.
thanks a lot
Eric