May I suggest one more piece of logic? An IP block is automatically released if a non-banned user logs in on it. (which means that the IP has been reassigned away from the vandal)

Hrmm. I thought part of the joy of IP blocks was that vandal user accounts can't come in from that IP either. I've used this at least once to ban a logged- in vandal.

A vandal shouldn't be able to escape the block by creating new user accounts (or falling back to user accounts that already exist)

I myself would like to suggest a feature: when we get sysop ability to ban logged-in users, the last IP of a banned user should itself be banned for, oh, an hour or so (without actually revealing the IP address to any non-developer, if there are privacy concerns). Is that feasible?

Note the part about not revealing the IP address - this shouldn't become a way for sysops to determine arbitrary users' IP addresses, by banning them briefly (though actually I would like to be able to check IP addresses, but I guess if we're going to have a privacy policy we can't do that).

Evercat