On 30/03/15 09:25, Brian wrote:
I suspect this challenge will be very easy for anyone who is determined. Indeed, even if MediaWiki no longer displayed IP addresses, there would still be enough information to identify people. Completely getting rid of the edit history would largely solve the problem.
So... what do you actually want? I am having trouble working out how many layers of sarcasm to strip back here to find your actual point.
There are alternatives to publishing IP addresses that we have discussed before, for example automatically creating a user account with a random name and associating it with a persistent cookie. The user could set a password or just abandon the account by letting the cookie expire. CheckUser would still provide access to IP addresses. I would support such a change. I have no idea whether you would.
After reading this post and your posts on wikien-l, here are my theories on what your non-sarcastic beliefs may be:
1. That we shouldn't store or use IP addresses at all, and that identification for abuse prevention should be done by some kind of unspecified cryptographic magic.
2. That disclosure and storage of IP addresses should be limited in some pragmatic way to reduce the risk of identification by cross-correlation in the manner you suggest in your $2.50 "prize".
3. That Wikimedia's suit against the NSA is hypocritical and that both Wikimedia and the NSA have legitimate needs for data collection.
Feel free to narrow it down for me.
-- Tim Starling