Last modified: 2006-04-08 19:15:06 UTC
It is a serious privacy flaw to leave ip addresses available where anyone can see them, for example when viewing a documents or users history. I also know that encrypting them is not enough, so I am proposing that instead of displaying IP adresses as a unique marker for tracking vandels, that wikipedia when sending ip addresses to a ciient machine first encrypts the ip address. if a admin or bureaucrat needs to perform administrative action or other tasks as needed, that the server will decrypt the resulting GET or POST parameters.
choose encryption keys daily as part of the solution, sorry i omitted that.
If you don't like it, disable it on your wiki. On a public wiki, open accountability is paramount.
sorry brion, but it is not ressolved, and it is not invalid. I am a registered user on a different name and email, I initially wanted to update my old post to my username and some when i forgot to log in (i am now always logged in). 2 admins told me they don't have the tools to do this, a bureaucrat should be aware of the sitution but the admins doubt they can, one of the admins suggested i go here. What i did was offer a universal, not an individual, solution, and you just blew me off. I am not against holding people responsible, and the proposed solution does not stop the control process. encrypting ip addresses does not inhibit user accountability, leaving them publically unencyrption is unethical, immoral, and unproffesional.
It is only a security 'problem' if someone connects an IP address with you. That seems unlikely.
Actually this privacy flaw is quite easy despite the claim it is unlikely. since this will be the second reopen attempt, for the next who desires to invalidate this, let me know who is above the programmers, and i will go to them.
Anonymous users have a right to create an account, thus avoiding publishing their IP address. Also, other users will more probably better recognize and remember an IP addess than an ecryption key or God forbid a hash.
yes, i am aware of that. but a user can still have his ip address published for multiple reasons, either first posting and then becoming a member, or being a member and forgetting to log in. you click an ip address from the history and and will will do a history of the ip addres included users who posted while having that address.
Users are warned prior to clicking Save that their IP address will be recorded in the absence of other "identification", thus this is not as big an issue as you'd like to hype it up to be. We have used IP addresses to identify users for an incredibly long time, and no doubt, will keep doing so. What idiot added the shell keyword to this?
i am not saying stop using ip addresses, I am saying keep them private and instead offer an encyrption of these markers. I realize this is strike three, so take me to thenext group up in th wiki hierarchy.
Please stop reopening this bug. If you like you could open a new public discussion about whether it's appropriate to be showing IP addresses for those who choose to edit without identifying themselves with a login. You could do this in many places, such as discussion on the village pump of some Wikipedia, or on the Wikimedia Foundation mailing list, etc. (A basic Google search should provide you with specific URLs if you're interested.) However simply reopening this bug report a lot doesn't do any good; the Wikipedia/Wikimedia community has used this privacy model for over four years, and for a year previous to that EVEN LOGGED- IN USERS had their IP addresses shown publicly by the older software. If you're interested in seeing this changed, you need to engage the community and reverse five years of existing practice.
sorry brion, my case is an exception that needs not be discussed publically and I am pi**** that it has taken so long without a remedy. I instead went to the wikipedia wikipedia page and sent an email to the founder, explaining to him reasons why changes need to be implemented and why my ip needs to be hidden ASAP. you ba***** here really don't have a clue what you are doing, and don't have a clue about the needs of the end users.
Since I don't know your IP address, your username, or what wiki you edited on, I can't really do anything about it. Please email me directly at brion@wikimedia.org with this information and I can take care of it.
an email has been sent under a different address. i can't thank you enough. sorry for taking so long, and getting angry in my last post.
(In reply to comment #11) > you ba***** here really don't have a clue what you are doing, and > don't have a clue about the needs of the end users. End users are lucky, with an attitude like that, that "we bastards" give a fuck at all. Seriously, there's absolutely no call for that attitude. You're dealing with volunteer developers in a free project. One of us, precisely one of us, is paid for this. The rest are not. And we're all pretty tuned into our end users' needs in our own areas of coding, so that's rather a silly assumption.
Down, Rob. :) Issue's been resolved.
Woof. :P
