On Saturday 25 June 2005 00:55, Andrew Gray wrote:
On 24/06/05, Jake Waskett jake@waskett.org wrote:
On Friday 24 June 2005 17:53, David Gerard wrote:
As can be readily seen from a reverse DNS query, this IP address is a transparent proxy server, use of which is forced upon NTL users (a large UK telco). manc-cache-5.server.ntli.net
Trouble is that admins can't actually see what IP a username is coming from. So there's no indication until someone calls it to their attention.
Hmm. There seems to be a clash between anonymity and usability here, as is so often the case with security systems.
Perhaps we could allow admins to see part of the reverse DNS, but not all of it. If we strip off the last two parts of the name (in this example, leaving just "manc-cache-5.server"), we'd get something that nine times out of ten would identify a proxy or not, but would not be personally identifiable.
Hmm. Set recent-changes to show only anons; 250 edits comes to about 175 unique IPs (busy people, these - one was there four or five times). Converting them to names, then stripping off the two trailing sections, we get this list - http://www.generalist.org.uk/wiki.txt (somewhere along the line it went to 126 addresses. Buggered if I know why.)
Of those, only 20 have proxy or cache in the name.
Thoughts on how useful this sort of data would be, given the reasonably sized sample above?
Ok, so of 126 addresses, we have about 20 proxies. So about 16% of anonymous Wikipedias users are recognised as being behind a proxy, using this scheme. I don't know the answer to this question, but does anybody know roughly what proportion of web users go through a proxy server? Is it close to 16%? If so, we've got a pretty good scheme here.
Of course, a determined user could create a sub-domain with 'proxy' or 'cache' in the title, which would fool a simple software implementation, but perhaps not a human.
In reply to geni's comment, we're talking about a minor change to the software anyway, so all that's needed is to present the admin with this information at the time that he or she chooses to block a user.
Ideally, the software could give the admin a "no IP block" option, to exercise at his or her discretion (the software may already do this; I don't know). That would enable pests to be banned without banning others behind the same proxy. If I were to implement that, I'd also set a "banned user" cookie that would catch a change of username.
Pros: * Avoid blocking legitimate users * Preserves anonymity, to a reasonable extent * (If "no IP block" option is implemented) Grants more flexibility to admins in their work.
Cons: * Will take a couple of days to implement * Not 100% foolproof (or smart-but-malicious-proof)
Comments, anyone?
Jake