While it is tempting to start with cons, I think for most of the community members, the question will be: 'what alternatives are there to accomplish more or less the same' with regards to fighting vandalism and sockpuppetry. And answering that question would start with describing how we actually do make use of this data. Sounds like a good process to go through, but this puts more emphasis on 2).
Lodewijk 2016-11-12 21:36 GMT+01:00 Vi to <vituzzu.w...@gmail.com>: > Point #1, with current means, will simply imply the end of countervandalism > with IPs. > > Vito > > 2016-11-12 21:02 GMT+01:00 Brion Vibber <bvib...@wikimedia.org>: > > > The biggest privacy problem in Wikipedia has always been the permanent > > public exposure of casual editors' IP addresses. > > > > Secondarily, we store logged-in editors' IP addresses for a limited time, > > exposing all editors' IP addresses to access by staff and volunteer > > accounts which could be stolen or misused as well as to any potential > > attacker who gains sufficient access to the database systems. > > > > I would like to suggest that the Wikimedia editor community, along with > the > > Wikimedia Foundation as steward of the software and servers, have a > serious > > consultation about committing to fix this: > > > > > > 1) Eliminate IP address exposure for non-logged-in editors. Those editors > > should be either given a random, truly anonymous identifier, or required > to > > create a pseudonym as a login. > > > > 2) Seriously think about how this will affect workflows tracking and > > fighting vandalism, and provide tools that do not depend on public > exposure > > of network addresses. > > > > 3) Avoid public exposure or long-term logging of any other > > location-specific or network-specific information about anonymous users. > > > > 4) Consider stronger controls on storage of IP addresses in the databases > > and how they are secured, in the face of possible attacks through social > > engineering, security vulnerabilities, or state action. Think about what > > really needs to be stored and what types of data recovery are possible > when > > storing truly personal-private data in shared databases. > > > > > > -- brion vibber (brion @ pobox.com / brion @ wikimedia.org) > > Lead Software Architect, Wikimedia Foundation > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l@lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l@lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
