Last modified: 2011-01-25 01:45:35 UTC
The Opera Mini broswer for mobile devices funnels all edits through two ranges, 220.127.116.11/22 and 18.104.22.168/23. For users of the full version of the program, Opera forwards xff headers indicating the real IP of the user. For users of the demo version, the xff headers only contain Opera's IPs. This makes the demo version effectively an open proxy, and both ranges have been blocked on enwiki for this reason, blocking all editors who use the device. If the Opera Mini IPs were added to the list of trusted xff forwarders, my understanding is that blocking the IP range would only affect users of the demo, while users of the full version would be recorded as coming from their home IP and would not be affected by IP blocks on the ranges.
Are these ranges known to be static and reliable, and unlikely to change behavior in the future (e.g. by adding anonymous proxy functionality for paid subscribers or something like that)?
I can't give an informed answer to that. Probably someone should contact Opera. I dislike blocking the range while we wait for them to contact us. Checkuser returns an error message (too many edits) when checking the range, so there are a lot of edits coming from there.
Actually, is that concern relevant? If Opera started a pad proxy service, then either it would be transparent and continue to forward the originating IP, or it would be anonymous. If anonymous, then a block on the Opera Mini range would block users of the demo and users of the proxy service, while not affecting users of the full version, which seems to me to be the correct result anyway.
There's relevant discussion here - http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard/Archive104#Opera_proxies
And here - http://meta.wikimedia.org/wiki/Talk:XFF_project#Opera_Mini
And now here - http://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard#Opera-Mini
And a list of proxies here - http://en.wikipedia.org/wiki/User:Ilmari_Karonen/sandbox/Opera_Mini
(In reply to comment #3)
> Actually, is that concern relevant? If Opera started a pad proxy service, then
> either it would be transparent and continue to forward the originating IP, or
> it would be anonymous. If anonymous, then a block on the Opera Mini range
> would block users of the demo and users of the proxy service, while not
> affecting users of the full version, which seems to me to be the correct result
What if the IP ranges got rejiggered and Opera started using the range for their employees' personal computers, moving the proxies to some other range? They could do that at any time, unless they give a guarantee to the contrary. Then their employees could set their IP addresses on Wikipedia to anything they liked, by manually adding XFF headers.
Closing this as FIXED. Tim's already put a lot of Opera Mini proxies into the TrustedXFF list.