Last modified: 2006-04-08 19:15:06 UTC

Bug 5486 - ip addresses are exposed
Product: MediaWiki
Classification: Unclassified
Component: Interface
Importance: Highest critical with 2 votes
Assigned To: Nobody
Reported: 2006-04-07 02:36 UTC by sepheroth jenova
Modified: 2006-04-08 19:15 UTC (History)

Description sepheroth jenova 2006-04-07 02:36:14 UTC
It is a serious privacy flaw to leave IP addresses available where anyone can see them, for example when 
viewing a document's or user's history.  I also know that encrypting them is not enough, so I am proposing that 
instead of displaying IP addresses as a unique marker for tracking vandals, that Wikipedia when sending IP 
addresses to a client machine first encrypts the IP address.  If an admin or bureaucrat needs to perform 
administrative action or other tasks as needed, that the server will decrypt the resulting GET or POST parameters.
Comment 1 sepheroth jenova 2006-04-07 02:38:35 UTC
Choose encryption keys daily as part of the solution, sorry I omitted that.
Comment 2 Brion Vibber 2006-04-07 06:37:13 UTC
If you don't like it, disable it on your wiki.

On a public wiki, open accountability is paramount.
Comment 3 sepheroth jenova 2006-04-07 10:23:56 UTC
Sorry Brion, but it is not resolved, and it is not invalid.  I am a registered user on a different 
name and email, I initially wanted to update my old post to my username and some when I 
forgot to log in (I am now always logged in).  2 admins told me they don't have the tools to do 
this, a bureaucrat should be aware of the situation but the admins doubt they can, one of the 
admins suggested I go here.
  What I did was offer a universal, not an individual, solution, and you just blew me off.  I am 
not against holding people responsible, and the proposed solution does not stop the control 
process.  Encrypting IP addresses does not inhibit user accountability, leaving them 
publicly unencrypted is unethical, immoral, and unprofessional.
Comment 4 Zhen Lin 2006-04-07 17:36:27 UTC
It is only a security 'problem' if someone connects an IP address with you. That
seems unlikely.
Comment 5 sepheroth jenova 2006-04-07 20:45:36 UTC
  Actually this privacy flaw is quite easy despite the claim it is unlikely.  Since this will 
be the second reopen attempt, for the next who desires to invalidate this, let me 
know who is above the programmers, and I will go to them.
Comment 6 Filip Maljkovic [Dungodung] 2006-04-07 21:01:14 UTC
Anonymous users have a right to create an account, thus avoiding publishing
their IP address. Also, other users will more probably better recognize and
remember an IP address than an encryption key or God forbid a hash.
Comment 7 sepheroth jenova 2006-04-07 21:06:02 UTC
Yes, I am aware of that.  But a user can still have his IP address published for 
multiple reasons, either first posting and then becoming a member, or being a 
member and forgetting to log in.  You click an IP address from the history and 
will do a history of the IP address included users who posted while having that 
Comment 8 Rob Church 2006-04-07 21:26:01 UTC
Users are warned prior to clicking Save that their IP address will be recorded
in the absence of other "identification", thus this is not as big an issue as
you'd like to hype it up to be. We have used IP addresses to identify users for
an incredibly long time, and no doubt, will keep doing so.

What idiot added the shell keyword to this?
Comment 9 sepheroth jenova 2006-04-07 21:52:59 UTC
  I am not saying stop using IP addresses, I am saying keep them private and 
instead offer an encryption of these markers.  I realize this is strike three, so take me 
to the next group up in the wiki hierarchy.
Comment 10 Brion Vibber 2006-04-08 01:09:23 UTC
Please stop reopening this bug.

If you like you could open a new public discussion 
about whether it's appropriate to be showing IP 
addresses for those who choose to edit without 
identifying themselves with a login.

You could do this in many places, such as discussion 
on the village pump of some Wikipedia, or on the 
Wikimedia Foundation mailing list, etc. (A basic 
Google search should provide you with specific URLs 
if you're interested.)

However simply reopening this bug report a lot 
doesn't do any good; the Wikipedia/Wikimedia 
community has used this privacy model for over four 
years, and for a year previous to that EVEN LOGGED-
IN USERS had their IP addresses shown publicly by 
the older software.

If you're interested in seeing this changed, you 
need to engage the community and reverse five years 
of existing practice.
Comment 11 sepheroth jenova 2006-04-08 02:51:39 UTC
  sorry brion, my case is an exception that needs not be discussed 
publicly and I am pi**** that it has taken so long without a remedy.  
I instead went to the wikipedia wikipedia page and sent an email to 
the founder, explaining to him reasons why changes need to be 
implemented and why my ip needs to be hidden ASAP.
  you ba***** here really don't have a clue what you are doing, and 
don't have a clue about the needs of the end users.  
Comment 12 Brion Vibber 2006-04-08 04:13:55 UTC
Since I don't know your IP address, your username, or what wiki 
you edited on, I can't really do anything about it. Please 
email me directly at with this information 
and I can take care of it.
Comment 13 sepheroth jenova 2006-04-08 07:18:32 UTC
  an email has been sent under a different address.

  i can't thank you enough.  sorry for taking so long, and getting angry 
in my last post.  
Comment 14 Rob Church 2006-04-08 14:21:34 UTC
(In reply to comment #11)
>   you ba***** here really don't have a clue what you are doing, and 
> don't have a clue about the needs of the end users.  

End users are lucky, with an attitude like that, that "we bastards" give a fuck
at all. Seriously, there's absolutely no call for that attitude. You're dealing
with volunteer developers in a free project. One of us, precisely one of us, is
paid for this. The rest are not. And we're all pretty tuned into our end users'
needs in our own areas of coding, so that's rather a silly assumption.
Comment 15 Brion Vibber 2006-04-08 18:57:48 UTC
Down, Rob. :)

Issue's been resolved.
Comment 16 Rob Church 2006-04-08 19:15:06 UTC
Woof. :P
