We have a long-standing problem with AOL, which is that they insist on being a single giant cluster of anonymizing proxies. Should we consider sending a cookie to AOL browsers which issue edit requests, to give them some kind of identity? This would, of course, mean some loss of privacy, but no more than that of any other IP user who is not behind an anonymizing proxy.
We could simply give them a random number, generated from a high-quality PRNG, and send it to them as a reasonably long-lived cookie when they make their first edit request. This could then be used in lieu of an IP address. So, we would have three types of name:
* IP addresses (with addresses in dotted-quad or IP6 notation) for normal anons
* Logged-in users (names starting with a capital letter)
* Anons with cookies (dotless strings starting with a digit, say, generated from a _hash_ of the cookie we sent)
Note that we only display a hash of the cookie contents. This allows us to verify that the cookie is a genuine one sent by us, making spoofing very hard to do. This could be as simple as keeping a table of valid cookies; alternatively, some digital-signature scheme could be used to remove the need for a database lookup. This would also prevent mischievous users from impersonating AOL users by stealing their cookie.
All of this could be done with very little change to the code, if I understand correctly how it works. This would let us watch and block AOL users in much the same way as logged-in or IP users. The downside is that we would probably have to block AOL users without cookies set from editing to get the full benefit from this policy. We could easily send them a message "Dear AOL user: you currently have cookies disabled; you will need to enable cookies to edit this page. See here for more information...".
Benefits:
* we can track AOL users for vandalism, at last
* they can still browse without needing cookies set
* no need for extra user interaction, if they have cookies set (which they do by default)
* no other anons need to have cookies set at all
* this scheme can be extended to other totally anonymising ISPs, if needed, including schools/colleges with proxy servers
Downside:
* AOL users lose a bit of anonymity (but, hey, that's the upside, too!).
* highly clueful AOL users could still work around this somewhat by technical means, but: re-read the first clause of this sentence -- and it will still deal with 99% of the problem
Note that they are still _pseudonymous_, so there's no way of tracing through to their real identities save through the AOL abuse department, so we are still protecting their privacy.
So, this provides a nice tier between 'open' and 'blocked' that should go a long way towards preventing the need for indiscriminate range-blocks.
How about it?
-- N.
wikitech-l@lists.wikimedia.org
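A sketch of the cookie scheme proposed above, added here as an illustration and not part of the original message or of any MediaWiki code. It assumes an HMAC-SHA256 tag as the database-free verification option (a keyed MAC standing in for the "digital-signature scheme" mentioned), and all names (`SERVER_KEY`, `issue_cookie`, `verify_cookie`, `display_name`) are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed secret for this example only; a real server would load
# its key from protected configuration and rotate it.
SERVER_KEY = b"constructed-example-key"


def _tag(token: str) -> str:
    """MAC over the random token, so the server can recognise its own cookies."""
    return hmac.new(SERVER_KEY, token.encode(), hashlib.sha256).hexdigest()


def issue_cookie() -> str:
    """Cookie value sent on the first edit request: random token plus MAC tag."""
    token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    return f"{token}.{_tag(token)}"


def verify_cookie(cookie: str) -> Optional[str]:
    """Return the token if the cookie was issued by us, else None (no DB lookup)."""
    token, sep, tag = cookie.partition(".")
    if not sep or len(token) != 32:
        return None
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(_tag(token).encode(), tag.encode()):
        return None
    return token


def display_name(cookie: str) -> Optional[str]:
    """Public name for edit histories: a hash of the cookie, never the cookie.

    The result is a dotless, all-digit string, so it cannot be confused
    with an IP address or with a capitalised user name.
    """
    token = verify_cookie(cookie)
    if token is None:
        return None  # forged or missing cookie: caller refuses the edit
    digest = hashlib.sha256(b"display:" + token.encode()).hexdigest()
    # First 48 bits as a zero-padded decimal number (at most 15 digits).
    return str(int(digest[:12], 16)).zfill(15)
```

Because only the one-way hash appears in page histories, reading a displayed name does not give anyone the cookie value needed to edit under that name.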