John at Darkstar wrote: > The interesting thing is "who has interest in which users identity". > Lets make an example, some organization sets up a site with a honeypot > and logs all visitors. Then they correlates that with RC-logs from > Wikipedia and then checks out who adds external links back to > themselves. They do not need direct access to Wikipedia logs or the raw > traffic. > > There is only one valid reason as I see it to avoid certain stat > engines, and that is to block advertising companies from getting > information about the readers. The writers does not have any real > anonymity at all. > > John >
Indeed they could. But even so, they would still have great difficulty in getting more than a small fraction of Wikipedia's readers to both visit the honeypot and make an edit that links to it, and the vast majority of unaffected users will still avoid being bitten by this attack. And even then, they will still only have obtained a mapping between the user's current IP and their Wikipedia account, and will still have to correlate this back to a personal identity, which is often harder than it might seem to be in theory. The world is a dangerous place, but just because privacy and security can never be absolute is not a reason to make good faith efforts to preserve it as much of both as reasonably possible within the limits of time and resources available. Just because a door can be knocked down with a sledgehammer (or a wall demolished with a pneumatic hammer) is not a reason not to have a lock on it, or a door there in the first place. -- Neil _______________________________________________ foundation-l mailing list [email protected] Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
