Last modified: 2014-03-24 10:42:34 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64979, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 62979 - Make anon IPs anonymous
Make anon IPs anonymous
Status: UNCONFIRMED
Product: MediaWiki
Classification: Unclassified
History/Diffs (Other open bugs)
unspecified
All All
: Lowest enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-23 12:31 UTC by Subfader
Modified: 2014-03-24 10:42 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Subfader 2014-03-23 12:31:58 UTC 
Is it actually legal to display anon IPs?

It maybe didn't matter so much in IPv4 but def in IPv6 since these are no more dynamic (besides being very long and ugly).

Privacy first! Actually the IP could be converted to an anonoymous but unique string, no?

I'm not talking about "93.128.5.XXX" but "df76tj6A" or "93.df76tj6A".
Comment 1 Andre Klapper 2014-03-23 13:16:30 UTC 
(In reply to Subfader from comment #0)
> Is it actually legal to display anon IPs?

Please provide an example link.
For legal questions, please discuss them on wikipages first ( https://meta.wikimedia.org/w/index.php?title=Wikimedia_Forum#toc or whatever is more appropriate) or with the legal team - they don't get answered in this bugtracker.
Comment 2 Bawolff (Brian Wolff) 2014-03-24 02:31:44 UTC 
(In reply to Subfader from comment #0)
> Is it actually legal to display anon IPs?

We do warn people. I have no idea why showing IP addresses would be illegal unless we disallowed it in our privacy policy.

> 
> It maybe didn't matter so much in IPv4 but def in IPv6 since these are no
> more dynamic (besides being very long and ugly).

People should register accounts if they want privacy. Changing this would be a very fundamental change to how MediaWiki works, as well as how we handle abusive edits. This is the sort of thing that should be proposed on mailing list or in an RFC, not on bugzilla

> 
> Privacy first! Actually the IP could be converted to an anonoymous but
> unique string, no?
> 
> I'm not talking about "93.128.5.XXX" but "df76tj6A" or "93.df76tj6A".

I'm not sure, but I feel like you would have to be careful with such a system, since the tokens would be very long lived to track abuse (Or would it? I don't know), and (for IPv4) the space of all possible tokens is small. Thus you would have leaking of the "real" address over time, which one wouldn't be able to do much about once the corresponding IP is exposed. Have to make sure there is no way to trick the system into converted an IP address to a token without actually editing, since the IPv4 address space is small enough to be brute forced. I would consider a poorly designed token system worse than just showing IPs, since there is no expectation of IP privacy when its just shown and people can act accordingly, which is much better then telling people its private if it really isn't. Of course that's moot if a good token system could be come up with, which could for all I know entirely be possible.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links