Page MenuHomePhabricator

Make anon IPs anonymous
Closed, DuplicatePublic

Description

Is it actually legal to display anon IPs?

It maybe didn't matter so much in IPv4 but def in IPv6 since these are no more dynamic (besides being very long and ugly).

Privacy first! Actually the IP could be converted to an anonoymous but unique string, no?

I'm not talking about "93.128.5.XXX" but "df76tj6A" or "93.df76tj6A".


Version: unspecified
Severity: enhancement

Details

Reference
bz62979

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 22 2014, 2:55 AM
bzimport set Reference to bz62979.
bzimport added a subscriber: Unknown Object (MLST).

(In reply to Subfader from comment #0)

Is it actually legal to display anon IPs?

Please provide an example link.
For legal questions, please discuss them on wikipages first ( https://meta.wikimedia.org/w/index.php?title=Wikimedia_Forum#toc or whatever is more appropriate) or with the legal team - they don't get answered in this bugtracker.

(In reply to Subfader from comment #0)

Is it actually legal to display anon IPs?

We do warn people. I have no idea why showing IP addresses would be illegal unless we disallowed it in our privacy policy.

It maybe didn't matter so much in IPv4 but def in IPv6 since these are no
more dynamic (besides being very long and ugly).

People should register accounts if they want privacy. Changing this would be a very fundamental change to how MediaWiki works, as well as how we handle abusive edits. This is the sort of thing that should be proposed on mailing list or in an RFC, not on bugzilla

Privacy first! Actually the IP could be converted to an anonoymous but
unique string, no?
I'm not talking about "93.128.5.XXX" but "df76tj6A" or "93.df76tj6A".

I'm not sure, but I feel like you would have to be careful with such a system, since the tokens would be very long lived to track abuse (Or would it? I don't know), and (for IPv4) the space of all possible tokens is small. Thus you would have leaking of the "real" address over time, which one wouldn't be able to do much about once the corresponding IP is exposed. Have to make sure there is no way to trick the system into converted an IP address to a token without actually editing, since the IPv4 address space is small enough to be brute forced. I would consider a poorly designed token system worse than just showing IPs, since there is no expectation of IP privacy when its just shown and people can act accordingly, which is much better then telling people its private if it really isn't. Of course that's moot if a good token system could be come up with, which could for all I know entirely be possible.