[WikiEN-l] Rethinking vandalism

[Imran Ghory]

On Wed, 10 Mar 2004, Erik Moeller wrote:

> This would address several current problems and have several advantages.
>
> 1) Having users' IP numbers published all over the place is a quite
> serious privacy violation. It would be trivial to scan recent changes for
> hosts with open ports and security vulnerabilities. Furthermore, it
> reveals geographic information about anonymous editors which they may want
> to keep private (such information can be very specific, depending on the
> ISP).

If people want to hide their IP address they can do so by logging in, all
your system would do is force users to login (even if it is under an
assigned name). Also IP address are useful in identifying specific vandals
with dynamic IPs and also in copyvio/NPOV discussion where the users
contribution may relate to their IP address (for example a company IP
editing an article about that compant.).

> 1) "They will just delete the cookie and edit away." Yes, some users will
> do that. For these users, we should retain the ability to block by IP
> (without revealing that IP address to sysops). However, doing so requires
> an understanding of how the blocking mechanism works, which most users
> don't have.

That kind of vandal isn't really a serious problem we spend more time
dealing with persistent vandal with some basic skills then we do with
casual vandals.

While I don't disagree that cookies can be used to better deal with
vandalism, I don't see why they should replace the current methods. I
think the best solution would be a hybrid one allowing for a user to be
blocked either on the basis of IP or of cookie.

Incidently on the proxy issue, one way we could identify users who use
proxies is to deliver a graphic via ftp or https, as most web browsers
will simply bypass the proxy and download the image directly giving
away their IP address.

Imran
-- 
http://bits.bris.ac.uk/imran