On Sat, Jun 2, 2012 at 9:59 AM, Leslie Carr lcarr@wikimedia.org wrote:
On Sat, Jun 2, 2012 at 6:13 AM, Anthony wikimail@inbox.org wrote:
On Sat, Jun 2, 2012 at 8:49 AM, Thomas Dalton thomas.dalton@gmail.com wrote:
On 2 June 2012 13:44, Anthony wikimail@inbox.org wrote:
On Fri, Jun 1, 2012 at 7:27 PM, John Du Hart compwhizii@gmail.com wrote:
What personal information do you think is contained in an IPv6 address?
Don't they sometimes contain MAC address information?
I don't know, but I wouldn't consider my MAC address to be personal information... you might be able to work out what brand of computer I'm using, but I can live with that.
I think that having a problem with the implementation of IPv6 is about 10 years too late now ;)
The problem isn't with IPv6. The problem is with the way WMF uses IP addresses.
Of course, it's about 10 years too late for that too. :)
If someone cares about their mac address information, they can use privacy extensions - http://en.wikipedia.org/wiki/Ipv6#Privacy .
I agree. Though it would probably be a good idea to warn people about the problem, before publishing their address for the world to see. A sentence or two added to the IP address warning which already appears would probably put things on par with IPv4 addresses.
Personally II think WMF is far too loose about IP addresses in the first place. But as I said above, it's about 10 years too late for that.
---
http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
Page 2-2
"The following list contains examples of information that may be considered PII."
"Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people"
"Information identifying personally owned property, such as vehicle registration number or title number and related information"
Granted, it only says "may be considered" PII. Certainly seems definitive to me, though.
And note, of course, that IPv4 addresses also may be considered PII. IPv6 addresses are just sometimes more likely to be persistent/static/consistent, and often link to a smaller, more well-defined group of people. But then, see above, as IPv6 addresses sometimes are more anonymous than IPv4 addresses. It all depends on the implementation.
Anyway, I do think MAC addresses are certainly (in the vast majority of cases), PII. That IPv6 addresses are often PII. And that IPv4 addresses are often PII. I don't think IPv6 addresses are particularly more likely to be PII than IPv4 addresses. So, basically, I think the privacy concern specifically about IPv6 is mostly misplaced. But it would be nice to readdress the privacy concerns over IP addresses in general.