This is one of those perennial proposals that never quite seems to take off; I can remember having some version of this discussion back in 2008, and I know that some of our earliest edits show a partially obscured IP address, not the whole thing. It might require Brion or Tim or someone else of that length of experience to explain the original thinking.
Some of the "pros" of keeping the IP address as the "username" for unregistered users: - Even in this day and age, there are plenty of people with stable IPs; they choose to edit as unregistered users for philosophical reasons, and their IP's edit history is essentially their own editing history - Especially on smaller projects (but also big ones), range blocks are usually calculated and applied by administrators, not checkusers/stewards. Some of the "cons" of publishing the IP address as the username: - Privacy - IPv6 addresses in particular are including more and more very specific information that could be used to link RealLife Name with the edits. (My own ISP now gives enough information in many cases to narrow geolocation down to a one-block radius - a big change from 2 years ago when geolocation was about an 800 mile radius.) - Privacy - more and more jurisdictions consider a person's IP address to be "private" information. Our page histories could be considered one gigantic privacy violation. - Increasingly dynamic IP addresses, often rotating within very large ranges that no longer link with any certainty to geolocation - Freaked out new users who didn't really get that their IP address was going to be very publicly displayed. I'm pretty sure there are a whole pile more pros and cons that we can pull out of the archives from various mailing lists, and I know that there have periodically been discussions amongst developers and the rest of the engineering team to try to come up with a "better way" - but like many other interesting, good and even potentially necessary ideas, it's never made it to the top of the priority heap. Putting on my checkuser hat for just a minute...it's essential information for having any chance at all of identifying multiple accounts or pattern editing; however, the tables used by checkusers are non-public so Checkusers continuing to have access to IP data should not be an issue. Risker/Anne On 11 July 2014 10:25, Tyler Romeo <tylerro...@gmail.com> wrote: > I agree that it’s a double standard, but looking at the bright side, it > becomes a big encouragement to anonymous users to register and log in. The > Account Creation Experience Team (or whoever the hell is in charge of that) > can correct me, but I would imagine that we would see a big drop in > registered accounts if IPs were hashed. > > Also, it’d be really annoying to have hashes as usernames, so we’d have to > think of an alternative scheme that makes things more readable. > -- > Tyler Romeo > 0x405D34A7C86B42DF > > From: Gilles Dubuc <gil...@wikimedia.org> > Reply: Wikimedia developers <wikitech-l@lists.wikimedia.org>> > Date: July 11, 2014 at 9:34:18 > To: Wikimedia developers <wikitech-l@lists.wikimedia.org>> > Subject: [Wikitech-l] Anonymous editors & IP addresses > > This interesting bot showed up on hackernews today: > https://news.ycombinator.com/item?id=8018284 > > While in this instance the access to anonymous' editors IP addresses is > definitely useful in terms of identifying edits with probable conflict of > interest, it makes me wonder what the history is behind the fact that > anonymous editors are identified by their IP addresses on WMF-hosted wikis. > > IP addresses are closely guarded for registered users, why wouldn't > anonymous users be identified by a hash of their IP address in order to > protect their privacy as well? The exact same functionality of being able > to see all edits by a given anonymous IP would still exist, the IP itself > just wouldn't be publicly available, protected with the same access rights > as registered users'. > > The "use case" that makes me think of that is someone living in a > totalitarian regime making a sensitive edit and forgetting that they're > logged out. Or just being unaware that being anonymous on the wiki doesn't > mean that their local authorities can figure out who they are based on IP > address and time. Understanding that they're somewhat protected when logged > in and not when logged out requires a certain level of technical > understanding. The easy way out of this argument is to state that these > users should be using Tor or something similar. But I still wonder why we > have this double standard of protecting registered users' privacy in > regards to IP addresses and not applying the same for anonymous users, when > simple hashing would do the job. > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
