[Wikimedia-l] Update on IPv6

FT2 ft2.wiki at gmail.com
Wed Jun 13 17:36:08 UTC 2012 

IPv6 is designed to operate on a "one IP = one device/connection" (non-NAT)
basis, far more than IPv4.  Privacy policy coversd "personally identifiable
information".  An IP becomes personally identifying when it broadly allows
a person to be identified.  If IPv4 can be "personally identifying" then
IPv6 is guaranteed to be more so, because of its design and intended usage.

It looks like the switch to making the "UserID on public record" more
anonymous for non-logged in users (hashing their IP for example) could
usefully be brought in, simultaneous with or parallel to IPv6.  As Erik
says, both are desirable verging on necessary at some point, and the one
mitigates against the issues of the other.

It serves a second purpose - a good system providing a more anonymous
"UserID of public record" would also mean that IPv4 and IPv6 users would
have similar "names" in the public record and block lists, meaning that the
same tools and interfaces would work equally with both.  This would
simplify matters for future as well.

Without second guessing a suitable method, I would like to see unlogged-in
users represented by a "name" of the form "IP user XXXXXXX" or "Not logged
in YYYYY" or some such; there would be difficulties in that we want similar
IPs to look similar without providing easy ways to identify the genuine
underlying IP (eg by noticing other similar XXXX's whose IPs are known).
It's also going to have implications for vandalism and abuse related
activities, where it is often helpful that action is easily identified as a
similar IP.  It would be nice not to lose that sense of "similar IP" while
not exposing the genuine IP.

Choice of method is a technical matter, I'd suggest if we move on both,
then hopefully IPv6 will mark a step where anonymity improves and is
available to logged in and not logged in users.   But either way, IPv6 does
have privacy implications for non-logged in users. IPv4 did too, but
historically we let it alone and it was less severe. With IPv6 it may not
be, and action would be much more important.

FT2




On Wed, Jun 13, 2012 at 4:34 PM, Deryck Chan <deryckchan at wikimedia.hk>wrote:

> On a separate note about IPv6: I just saw the first IPv6 anon entry
> appearing on my watchlist. It's exciting!
> Deryck
>
> On 13 June 2012 13:43, Anthony <wikimail at inbox.org> wrote:
>
> > On Tue, Jun 12, 2012 at 6:39 PM, Kim Bruning <kim at bruning.xs4all.nl>
> > wrote:
> > > I noticed that my current IPv6 address appears to be assigned
> > > dynamically by XS4ALL. I can probably get static if I choose it. But
> the
> > > dynamic assignment option does alleviate some people's privacy
> > > concerns, right?
> >
> > One particular concern, which isn't really much different from IPv4.
> >
> > And in something like 90% of browser configurations, you're already
> > giving out a semi-static unique string with every request anyway.
> > (see https://panopticlick.eff.org/)
> >
> > The bigger concern for WMF is the possibility for increased privacy.
> >
> > > ps. We all know that everyone needs to switch to IPv6 eventually.
> >
> > Unless IPv7 or IPv8 comes out first.
> >
> > _______________________________________________
> > Wikimedia-l mailing list
> > Wikimedia-l at lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
> >
> _______________________________________________
> Wikimedia-l mailing list
> Wikimedia-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
>

More information about the Wikimedia-l mailing list