[WikiEN-l] Re: Anonymous proxies (was Re: Desysop Morwen)

[Tim Starling]

zero 0000 wrote:
> --- Tim Starling <ts4294967296 at hotmail.com>
wrote:
> >
> > Anonymous proxies are
> > regularly used for vandalism, and once we block one, the vandal just
> > moves to another one. On meta recently we've had a bot operating to
> > vandalise tens of articles, via an anonymous proxy.
> >
> > Would there be any objections to systematically blocking all
> > anonymous proxies on a site-wide basis?
>
> I would object to it being done without a study to determine how many
> genuine editors use anonymizers.  There are quite legitimate possible
> reasons.  One is an editor who writes in Wikipedia from work but
> doesn't want his/her employer's IP to be associated with it.  Another
> is someone who wants to be anonymous on Wikipedia but has a fixed IP
> address that uniquely identifies him/her.

An editor who wants to obscure their IP address can always use a transparent
proxy. If the user accidentally (or by choice) edits when logged out, the
address displayed publicly will be the address of the proxy. However, a
sufficiently motivated developer could capture the "forwarded for" header
and determine the actual address, thereby thwarting any vandalism.
Developers already have a policy of not giving out IP addresses without a
very good reason.

Perhaps a tutorial on transparent proxies would be helpful, if people want
to do this.

I have no sympathy whatsoever for people who want to write exposes about
their employers, of the kind that the employers would want to follow up with
a subpoena for logs. Wikipedia is not the place for original research or
unverifiable insider information.


>We should not ban this
> practice unless we have a global policy that anonymity is forbidden.

There are varying degrees of anonymity. The kind of anonymity which holds up
under legal requests or vandalism prevention actions by developers should be
forbidden. The costs are far too high, and easily outweigh the negligible
benefits. However, we should continue to allow people to keep their IP
addresses hidden from the general public.

>
> That's not to say that I don't sympathize with the problem you
> describe.  On the other hand, how much of this problem would
> exist if it wasn't for the practice of allowing people to edit
> articles without logging in?  Every time this matter is raised there
> are screams about the sky falling in, but I have yet to see a single
> convincing reason why we can't restrict editing to logged-in users.
>

Sunir Shah has suggested a method for making it blindingly obvious that a
user is about to edit anonymously. Specifically, if the user is logged out,
a username/password box is shown on the edit page. I made a mockup of this
for demostration purposes, at:

http://www.ph.unimelb.edu.au/~tstarling/EditPage_with_login.html

-- Tim Starling