Page MenuHomePhabricator

ip addresses are exposed
Closed, DuplicatePublic


Author: astmbio

It is a serious privacy flaw to leave ip addresses available where anyone can see them, for example when
viewing a documents or users history. I also know that encrypting them is not enough, so I am proposing that
instead of displaying IP adresses as a unique marker for tracking vandels, that wikipedia when sending ip
addresses to a ciient machine first encrypts the ip address. if a admin or bureaucrat needs to perform
administrative action or other tasks as needed, that the server will decrypt the resulting GET or POST parameters.

Version: unspecified
Severity: critical



Event Timeline

bzimport raised the priority of this task from to Unbreak Now!.Nov 21 2014, 9:10 PM
bzimport set Reference to bz5486.
bzimport added a subscriber: Unknown Object (MLST).

astmbio wrote:

choose encryption keys daily as part of the solution, sorry i omitted that.

If you don't like it, disable it on your wiki.

On a public wiki, open accountability is paramount.

astmbio wrote:

sorry brion, but it is not ressolved, and it is not invalid. I am a registered user on a different
name and email, I initially wanted to update my old post to my username and some when i
forgot to log in (i am now always logged in). 2 admins told me they don't have the tools to do
this, a bureaucrat should be aware of the sitution but the admins doubt they can, one of the
admins suggested i go here.

What i did was offer a universal, not an individual, solution, and you just blew me off.  I am

not against holding people responsible, and the proposed solution does not stop the control
process. encrypting ip addresses does not inhibit user accountability, leaving them
publically unencyrption is unethical, immoral, and unproffesional.

lowzl wrote:

It is only a security 'problem' if someone connects an IP address with you. That
seems unlikely.

astmbio wrote:

Actually this privacy flaw is quite easy despite the claim it is unlikely.  since this will

be the second reopen attempt, for the next who desires to invalidate this, let me
know who is above the programmers, and i will go to them.

Anonymous users have a right to create an account, thus avoiding publishing
their IP address. Also, other users will more probably better recognize and
remember an IP addess than an ecryption key or God forbid a hash.

astmbio wrote:

yes, i am aware of that. but a user can still have his ip address published for
multiple reasons, either first posting and then becoming a member, or being a
member and forgetting to log in. you click an ip address from the history and and will
will do a history of the ip addres included users who posted while having that

robchur wrote:

Users are warned prior to clicking Save that their IP address will be recorded
in the absence of other "identification", thus this is not as big an issue as
you'd like to hype it up to be. We have used IP addresses to identify users for
an incredibly long time, and no doubt, will keep doing so.

What idiot added the shell keyword to this?

astmbio wrote:

i am not saying stop using ip addresses, I am saying keep them private and

instead offer an encyrption of these markers. I realize this is strike three, so take me
to thenext group up in th wiki hierarchy.

Please stop reopening this bug.

If you like you could open a new public discussion
about whether it's appropriate to be showing IP
addresses for those who choose to edit without
identifying themselves with a login.

You could do this in many places, such as discussion
on the village pump of some Wikipedia, or on the
Wikimedia Foundation mailing list, etc. (A basic
Google search should provide you with specific URLs
if you're interested.)

However simply reopening this bug report a lot
doesn't do any good; the Wikipedia/Wikimedia
community has used this privacy model for over four
years, and for a year previous to that EVEN LOGGED-
IN USERS had their IP addresses shown publicly by
the older software.

If you're interested in seeing this changed, you
need to engage the community and reverse five years
of existing practice.

astmbio wrote:

sorry brion, my case is an exception that needs not be discussed

publically and I am pi**** that it has taken so long without a remedy.
I instead went to the wikipedia wikipedia page and sent an email to
the founder, explaining to him reasons why changes need to be
implemented and why my ip needs to be hidden ASAP.

you ba***** here really don't have a clue what you are doing, and

don't have a clue about the needs of the end users.

Since I don't know your IP address, your username, or what wiki
you edited on, I can't really do anything about it. Please
email me directly at with this information
and I can take care of it.

astmbio wrote:

an email has been sent under a different address.

i can't thank you enough.  sorry for taking so long, and getting angry

in my last post.

robchur wrote:

(In reply to comment #11)

you ba***** here really don't have a clue what you are doing, and

don't have a clue about the needs of the end users.

End users are lucky, with an attitude like that, that "we bastards" give a fuck
at all. Seriously, there's absolutely no call for that attitude. You're dealing
with volunteer developers in a free project. One of us, precisely one of us, is
paid for this. The rest are not. And we're all pretty tuned into our end users'
needs in our own areas of coding, so that's rather a silly assumption.

Down, Rob. :)

Issue's been resolved.