Hi,
I'd like to suggest two solutions to the blocking of dynamic IP addresses or proxies that may affect innocent users.
Solution #1: IP address blocks should expire after n days unless renewed by someone. That way, instead of forgetting to unblock people, at worst we forget to re-block them. In my opinion, it's better to fail to punish someone effectively than to punish someone who's innocent.
Solution #2: We should give blocked users a way to re-gain access to the site, namely by creating an account. I don't know if this is currently possible, but it should be. We can block accounts a lot easier than IP addresses. So we could basically say on the block page: "Because IP addresses cannot be reliably linked to individuals, it may be that you receive this message in error. In that case, or if you want to change your behavior, please create an account and sign in, and you can continue to use Wikipedia."
We might still reserve complete IP&account bans for those who abuse the account "backdoor", but this should be the exception, not the rule.
This would make our security softer, and hopefully more effective.
Regards,
Erik
Solution #2: We should give blocked users a way to re-gain access to the site, namely by creating an account. I don't know if this is currently possible, but it should be. We can block accounts a lot easier than IP addresses. So we could basically say on the block page: "Because IP addresses cannot be reliably linked to individuals, it may be that you receive this message in error. In that case, or if you want to change your behavior, please create an account and sign in, and you can continue to use Wikipedia."
I definitely agree with this. I was quite surprised to find that when my (proxy server) IP was banned, I was banned too - even though I was logged in.
Incidentally, my (default) proxy (194.117.133.196 cache-haw.cableinet.co.uk) is banned again - my ISP also caters to the recent goatse.cx vandal. I know how to manually change my proxy, but other valid users on Blueyonder in south west England ([[user: Nosrail]] for example) may not.
Rob user:rbrwr
On Mon, Nov 04, 2002 at 07:36:48PM +0000, Rob Brewer wrote:
Incidentally, my (default) proxy (194.117.133.196 cache-haw.cableinet.co.uk) is banned again - my ISP also caters to the recent goatse.cx vandal. I know how to manually change my proxy, but other valid users on Blueyonder in south west England ([[user: Nosrail]] for example) may not.
Perhaps there's a way we can make use of the 'Client-ip' and 'X-forwarded-for' headers which are added by many ISPs' proxies.
I think it would be necessary to decide whether the actual IP address seemed to be a shared proxy or not when imposing the ban -- simply matching against these headers whenever they were present would just make it easier for people with fixed IP addresses to avoid the ban.
It wouldn't help people with short-term IP address leases at all, of course.
-M-
On Monday 04 November 2002 16:31, Matthew Woodcraft wrote:
Perhaps there's a way we can make use of the 'Client-ip' and 'X-forwarded-for' headers which are added by many ISPs' proxies.
If you do that, you'll run afoul of me - I'm running Squid on the laptop, so the client ip is 127.0.0.1.
I think it would be necessary to decide whether the actual IP address seemed to be a shared proxy or not when imposing the ban -- simply matching against these headers whenever they were present would just make it easier for people with fixed IP addresses to avoid the ban.
My criterion for banning is, if there are 3 vandalisms from an IP address, I check a sample of the IP's contributions. If there are no good-looking edits, I ban.
I suggest that IPs that have been unbanned because they're proxies be put on a list, and if someone tries to ban that IP, he be warned that he's banning a proxy.
phma
At 18:08 04/11/02 -0500, Pierre Abbat wrote:
My criterion for banning is, if there are 3 vandalisms from an IP address, I check a sample of the IP's contributions. If there are no good-looking edits, I ban.
This is a good policy, except that (as far as I can tell) when you check contribs for an IP address you only see edits made anonymously from that IP, but when you ban an IP you ban both anonymous and signed-in users at that IP. If a proxy or a shared computer has been used by an anonymous vandal and a useful signed-in user, the signed-in user will be blocked, and Wikipedia will lose the benefit of his edits.
Rob (rbrwr)
On Tuesday 05 November 2002 04:13, Rob Brewer wrote:
This is a good policy, except that (as far as I can tell) when you check contribs for an IP address you only see edits made anonymously from that IP, but when you ban an IP you ban both anonymous and signed-in users at that IP. If a proxy or a shared computer has been used by an anonymous vandal and a useful signed-in user, the signed-in user will be blocked, and Wikipedia will lose the benefit of his edits.
This needs to be changed, then. Either we have to see the signed-in contributions from an IP address, or blocking an IP address needs to not block signed-in users and we need a way of blocking signed-in users.
phma
wikitech-l@lists.wikimedia.org
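The proposals in this thread (expiring blocks, IP blocks that spare signed-in users, honouring 'X-Forwarded-For' only from known shared proxies, and a warning when blocking a listed proxy) combine into one block check. The sketch below is an added example, not code from the thread or from the wiki software. All names, the proxy list and the addresses are constructed for illustration, and the headers are assumed to arrive as a dict keyed by "X-Forwarded-For".

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumed list of known shared proxies (constructed, documentation address).
KNOWN_PROXIES = {ipaddress.ip_address("192.0.2.10")}
# Addresses that are meaningless as a forwarded client (e.g. a local Squid).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Block:
    def __init__(self, ip, created, days, anon_only=True):
        self.ip = ipaddress.ip_address(ip)
        self.expires = created + timedelta(days=days)  # lapses unless renewed
        self.anon_only = anon_only  # signed-in users are not caught by the IP block

def effective_ip(peer_ip, headers):
    """Address to match blocks against for one request."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in KNOWN_PROXIES:
        return peer  # header is client-supplied here, so it is ignored
    # The rightmost entry is the one the known proxy itself appended.
    last = headers.get("X-Forwarded-For", "").split(",")[-1].strip()
    try:
        client = ipaddress.ip_address(last)
    except ValueError:
        return peer  # header missing or malformed
    if any(client in net for net in NON_ROUTABLE):
        return peer
    return client

def is_blocked(peer_ip, headers, logged_in, blocks, now):
    ip = effective_ip(peer_ip, headers)
    for b in blocks:
        if b.ip == ip and now < b.expires and not (b.anon_only and logged_in):
            return True
    return False

def proxy_warning(ip):
    """Warn an admin who is about to block a listed proxy."""
    if ipaddress.ip_address(ip) in KNOWN_PROXIES:
        return f"{ip} is a known shared proxy; blocking it affects every user behind it"
    return None

NOW = datetime(2002, 11, 5, tzinfo=timezone.utc)  # constructed sample data
BLOCKS = [Block("198.51.100.7", NOW, days=7), Block("203.0.113.5", NOW, days=7)]
```

A blocked fixed-IP user who sends a forged header directly is still matched on the connecting address, and a local Squid reporting 127.0.0.1 falls back to the connecting address as well.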