Re: [Wikimedia-l] Update on IPv6
Nathan, 13/06/2012 20:37: In my view, no. I think we need to balance the risk argument for anonymity (dissidents, whistleblowers, people editing topics they wouldn't want to be publicly associated with, etc.) with the benefits of partial anonymity. Among these benefits I'd cite the many news items regarding the discovery of fishy editing patterns from Congressional offices, corporate offices, government agencies, political candidates, etc. We're an organization with competing aims: we'd like to be as transparent as possible, and by and large believe in the value of radical transparency, but we also want to protect our users from undue harm. I'm quite surprised that only Nathan seems to be voicing this concern. For many years when people criticized the lack of responsibility in Wikipedia's authors we've repeated that every word and comma is attributed to a person, either by pen name or IP, and that there's no need of a real name policy. The most important feature of MediaWiki is a [user] tracking feature: the diffs, the history, the contributions page; everything is transparent. This is not needed to please some big brother fans but rather for the wiki (the community) to work; replacing IPs with unusable non-identifying strings would be a bad thing and it's not obvious at all that improving privacy is the prevalent aim here. In fact, the main problem with how IPv6 addresses are exposed in MediaWiki is that the bytes of information random users have to digest and remember to identify users are just too much and in a user-unfriendly format (even for the standard sysop). On the other hand, IPv6 will improve identification in a very good way; ISP are already heavily using NAT, and quite often hundreds or thousands of users in my city have been blocked on it.wiki by blocking just a single IPv4 address, not to mention community drama around dubious CheckUser results. That said, we've used domains before IPs and it's surely possible to invent something new, although I don't have enough imagination to find a solution. Nemo ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
2012/6/13 Kim Bruning k...@bruning.xs4all.nl: I noticed that my current IPv6 address appears to be assigned dynamically by XS4ALL. I can probably get static if I choose it. But the dynamic assignment option does alleviate some people's privacy concerns, right? It depends on their OS. On Windows, OSX, iOS and Ubuntu (so over 95% of all traffic considering an equal distribution of IPv6 addresses), I would say yes, since they have enabled the privacy extension by default. For the rest of the world, not really. Even if the first half of the address is dynamic, the last part will be static and linked to your Ethernet adapter. Strainu ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On a separate note about IPv6: I just saw the first IPv6 anon entry appearing on my watchlist. It's exciting! Deryck On 13 June 2012 13:43, Anthony wikim...@inbox.org wrote: On Tue, Jun 12, 2012 at 6:39 PM, Kim Bruning k...@bruning.xs4all.nl wrote: I noticed that my current IPv6 address appears to be assigned dynamically by XS4ALL. I can probably get static if I choose it. But the dynamic assignment option does alleviate some people's privacy concerns, right? One particular concern, which isn't really much different from IPv4. And in something like 90% of browser configurations, you're already giving out a semi-static unique string with every request anyway. (see https://panopticlick.eff.org/) The bigger concern for WMF is the possibility for increased privacy. ps. We all know that everyone needs to switch to IPv6 eventually. Unless IPv7 or IPv8 comes out first. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
IPv6 is designed to operate on a one IP = one device/connection (non-NAT) basis, far more than IPv4. Privacy policy coversd personally identifiable information. An IP becomes personally identifying when it broadly allows a person to be identified. If IPv4 can be personally identifying then IPv6 is guaranteed to be more so, because of its design and intended usage. It looks like the switch to making the UserID on public record more anonymous for non-logged in users (hashing their IP for example) could usefully be brought in, simultaneous with or parallel to IPv6. As Erik says, both are desirable verging on necessary at some point, and the one mitigates against the issues of the other. It serves a second purpose - a good system providing a more anonymous UserID of public record would also mean that IPv4 and IPv6 users would have similar names in the public record and block lists, meaning that the same tools and interfaces would work equally with both. This would simplify matters for future as well. Without second guessing a suitable method, I would like to see unlogged-in users represented by a name of the form IP user XXX or Not logged in Y or some such; there would be difficulties in that we want similar IPs to look similar without providing easy ways to identify the genuine underlying IP (eg by noticing other similar 's whose IPs are known). It's also going to have implications for vandalism and abuse related activities, where it is often helpful that action is easily identified as a similar IP. It would be nice not to lose that sense of similar IP while not exposing the genuine IP. Choice of method is a technical matter, I'd suggest if we move on both, then hopefully IPv6 will mark a step where anonymity improves and is available to logged in and not logged in users. But either way, IPv6 does have privacy implications for non-logged in users. IPv4 did too, but historically we let it alone and it was less severe. With IPv6 it may not be, and action would be much more important. FT2 On Wed, Jun 13, 2012 at 4:34 PM, Deryck Chan deryckc...@wikimedia.hkwrote: On a separate note about IPv6: I just saw the first IPv6 anon entry appearing on my watchlist. It's exciting! Deryck On 13 June 2012 13:43, Anthony wikim...@inbox.org wrote: On Tue, Jun 12, 2012 at 6:39 PM, Kim Bruning k...@bruning.xs4all.nl wrote: I noticed that my current IPv6 address appears to be assigned dynamically by XS4ALL. I can probably get static if I choose it. But the dynamic assignment option does alleviate some people's privacy concerns, right? One particular concern, which isn't really much different from IPv4. And in something like 90% of browser configurations, you're already giving out a semi-static unique string with every request anyway. (see https://panopticlick.eff.org/) The bigger concern for WMF is the possibility for increased privacy. ps. We all know that everyone needs to switch to IPv6 eventually. Unless IPv7 or IPv8 comes out first. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Wed, Jun 13, 2012 at 1:36 PM, FT2 ft2.w...@gmail.com wrote: IPv6 is designed to operate on a one IP = one device/connection (non-NAT) basis, far more than IPv4. Privacy policy coversd personally identifiable information. An IP becomes personally identifying when it broadly allows a person to be identified. If IPv4 can be personally identifying then IPv6 is guaranteed to be more so, because of its design and intended usage. It looks like the switch to making the UserID on public record more anonymous for non-logged in users (hashing their IP for example) could usefully be brought in, simultaneous with or parallel to IPv6. As Erik says, both are desirable verging on necessary at some point, and the one mitigates against the issues of the other. It serves a second purpose - a good system providing a more anonymous UserID of public record would also mean that IPv4 and IPv6 users would have similar names in the public record and block lists, meaning that the same tools and interfaces would work equally with both. This would simplify matters for future as well. Without second guessing a suitable method, I would like to see unlogged-in users represented by a name of the form IP user XXX or Not logged in Y or some such; there would be difficulties in that we want similar IPs to look similar without providing easy ways to identify the genuine underlying IP (eg by noticing other similar 's whose IPs are known). It's also going to have implications for vandalism and abuse related activities, where it is often helpful that action is easily identified as a similar IP. It would be nice not to lose that sense of similar IP while not exposing the genuine IP. Choice of method is a technical matter, I'd suggest if we move on both, then hopefully IPv6 will mark a step where anonymity improves and is available to logged in and not logged in users. But either way, IPv6 does have privacy implications for non-logged in users. IPv4 did too, but historically we let it alone and it was less severe. With IPv6 it may not be, and action would be much more important. FT2 Why is improving anonymity a goal? Our privacy policy governs the disclosure of non-public information, but the IP addresses of editors without an account have always been effectively public. Are IP editors clamoring for more privacy? Is masking IPv6 addresses more important than the uses to which IP addresses are currently put? Is masking a better way to solve the problem of potentially more identifiable information in IPv6 than, say, a more prominent disclosure and disclaimer? Would masking the IP addresses only for logged-out users be a worthwhile change, given the ease of registering an account? Would they remain masked in the histories of project dumps? There are a lot of questions to answer here before it's reasonable to start suggesting changes be made, and these are only some. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On 13 June 2012 14:09, Nathan nawr...@gmail.com wrote: snipping FT2's comment Why is improving anonymity a goal? Our privacy policy governs the disclosure of non-public information, but the IP addresses of editors without an account have always been effectively public. Are IP editors clamoring for more privacy? Is masking IPv6 addresses more important than the uses to which IP addresses are currently put? Is masking a better way to solve the problem of potentially more identifiable information in IPv6 than, say, a more prominent disclosure and disclaimer? Would masking the IP addresses only for logged-out users be a worthwhile change, given the ease of registering an account? Would they remain masked in the histories of project dumps? There are a lot of questions to answer here before it's reasonable to start suggesting changes be made, and these are only some. I believe that FT2 is saying that we should seriously consider masking the *publicly viewable* IPv6 addresses. The only reason that we publish the IP addresses of any logged-out user is for attribution purposes, although some use it for other reasons (both positive and nefarious). Quite honestly, it doesn't matter what information is put in place in the publicly viewable logs, provided it's consistent. Risker ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Wed, Jun 13, 2012 at 2:21 PM, Risker risker...@gmail.com wrote: On 13 June 2012 14:09, Nathan nawr...@gmail.com wrote: I believe that FT2 is saying that we should seriously consider masking the *publicly viewable* IPv6 addresses. The only reason that we publish the IP addresses of any logged-out user is for attribution purposes, although some use it for other reasons (both positive and nefarious). Quite honestly, it doesn't matter what information is put in place in the publicly viewable logs, provided it's consistent. Risker Sure, that's the assertion, but it leaves unanswered a lot of why questions. Why should we make publicly viewable attributions less identifiable than they have been for a decade? Is that step valuable at all, given the reality that anyone likely to use the IP address for nefarious reasons would simply register an account? I think a stable, predictable privacy regime that doesn't discourage users is a perfectly good goal which Wikimedia has largely achieved. I'm not sure there is a lot of value in FT2's suggestion from a privacy perspective (it would make far more sense to make the mask applicable to everyone but CUs or admins), let alone whether a significantly more anonymous method for contributing is either necessary or desirable. ~Nathan ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Jun 13, 2012, at 11:21 AM, Risker wrote: I believe that FT2 is saying that we should seriously consider masking the *publicly viewable* IPv6 addresses. The only reason that we publish the IP addresses of any logged-out user is for attribution purposes, although some use it for other reasons (both positive and nefarious). Quite honestly, it doesn't matter what information is put in place in the publicly viewable logs, provided it's consistent. A couple of weeks ago, Brion Vibber and I started walking through a series of thoughts about eliminating publicly viewable IP addresses altogether, creating Proto Accounts. That is, to completely anonymize anonymous users (by calling them Anonymous XX) and at the same time creating system whereby Anonymous users might be encouraged to become registered users (and retain the edits they did anonymously). This would work by back-loading the account creation process: 1) User makes anonymous edit (as Anonymous 1234). Edit is logged as Anonymous 1234). 2) User is given call-to-action to convert to a registered account. 3) User fills out account form (username, password, email) (let's call them AwesomeSauce89) 4) Proto account gets renamed to AwesomeSauce89; the edits that were under Anonymous 1234 are now listed as being by AwesomeSauce89 I also spoke with Tim Starling about this in Berlin and he agreed that it was a good idea. However, this would be no small feat. A big part of the problems involved in this type of anonymizing involve how we deal with range blocks. Would this be something people might like to see happen? --- Brandon Harris, Senior Designer, Wikimedia Foundation Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
Wikipedia has held since the start, a philosophy that some aspects of neutral accessible editing are enhanced by pseudonymity. One only need look at early policies and current policies to see they started with strong strict views on this, and retain strong strict views. Reasons where it matters are codified in policies themselves - freedom to edit without fear of social backlash, freedom to edit unpopular views and topics or those which would be professionally harmful, freedom to edit from places and regimes where uninhibited authorship would be dangerous, freedom to be judged by the edits one makes and not the person one is. Obviously there are negatives too - ease of abuse, reduced ease of detecting bad behavior, and so on. None the less over time the view has stuck, pseudonymity is a cornerstone of the environment we offer users and that users may rely upon. In that context, improving pseudonymity is a valid goal. That an area established 10 years ago has not yet been fully revised or brought into the 2010-2020 era is not salient. The same could be said of many Mediawiki functions. Pseudonymity is de facto in the culture, and part of our multi-branched attempt to facilitate neutral open editing. It is an area of interest and an area where improvemenet and advancement are worthwhile to seek. It is odd to rationalize that a user with an account has safeguards which users without accounts should not deserve. Most of the rest of your questiopns are technical - how would this or that be done? Those technical questions need technical consideration, but the basic question is a non technicval one, as is my comment. This is a desirable area to dovetail. How that works and to what extent cost v benefit means we do some things but accept limitations on others, are questions that technical people will need to consider. FT2 On Wed, Jun 13, 2012 at 7:09 PM, Nathan nawr...@gmail.com wrote: On Wed, Jun 13, 2012 at 1:36 PM, FT2 ft2.w...@gmail.com wrote: (snip) Why is improving anonymity a goal? Our privacy policy governs the disclosure of non-public information, but the IP addresses of editors without an account have always been effectively public. Are IP editors clamoring for more privacy? Is masking IPv6 addresses more important than the uses to which IP addresses are currently put? Is masking a better way to solve the problem of potentially more identifiable information in IPv6 than, say, a more prominent disclosure and disclaimer? Would masking the IP addresses only for logged-out users be a worthwhile change, given the ease of registering an account? Would they remain masked in the histories of project dumps? There are a lot of questions to answer here before it's reasonable to start suggesting changes be made, and these are only some. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Wed, Jun 13, 2012 at 2:29 PM, Brandon Harris bhar...@wikimedia.orgwrote: On Jun 13, 2012, at 11:21 AM, Risker wrote: I believe that FT2 is saying that we should seriously consider masking the *publicly viewable* IPv6 addresses. The only reason that we publish the IP addresses of any logged-out user is for attribution purposes, although some use it for other reasons (both positive and nefarious). Quite honestly, it doesn't matter what information is put in place in the publicly viewable logs, provided it's consistent. A couple of weeks ago, Brion Vibber and I started walking through a series of thoughts about eliminating publicly viewable IP addresses altogether, creating Proto Accounts. That is, to completely anonymize anonymous users (by calling them Anonymous XX) and at the same time creating system whereby Anonymous users might be encouraged to become registered users (and retain the edits they did anonymously). This would work by back-loading the account creation process: 1) User makes anonymous edit (as Anonymous 1234). Edit is logged as Anonymous 1234). 2) User is given call-to-action to convert to a registered account. 3) User fills out account form (username, password, email) (let's call them AwesomeSauce89) 4) Proto account gets renamed to AwesomeSauce89; the edits that were under Anonymous 1234 are now listed as being by AwesomeSauce89 I also spoke with Tim Starling about this in Berlin and he agreed that it was a good idea. However, this would be no small feat. A big part of the problems involved in this type of anonymizing involve how we deal with range blocks. Would this be something people might like to see happen? In my view, no. I think we need to balance the risk argument for anonymity (dissidents, whistleblowers, people editing topics they wouldn't want to be publicly associated with, etc.) with the benefits of partial anonymity. Among these benefits I'd cite the many news items regarding the discovery of fishy editing patterns from Congressional offices, corporate offices, government agencies, political candidates, etc. We're an organization with competing aims: we'd like to be as transparent as possible, and by and large believe in the value of radical transparency, but we also want to protect our users from undue harm. I think we can maintain that balance by having a very stable and predictable approach to privacy, and by being abundantly clear with our disclosures and user education with respect to privacy. The above approach wipes out any transparency in favor of complete privacy, without (to my mind) establishing the particular benefits of that outcome. ~Nathan ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Wed, Jun 13, 2012 at 3:18 PM, Risker risker...@gmail.com wrote: The original Wikipedia platform (lo those long years ago) published only partial IP addresses. Today, significantly less transparency seems to mean create an acccount to many people. However, that is antithetical to the anyone can edit principle on which our projects are based. Anyone can edit, as long as they don't mind that everyone in the world will know where they're from, what ISP they use, and possibly even the physical location from which they are editing and what equipment they're using to do so, unless they create an account is what it has become. I'm not sure I understand how create an account is antithetical to anyone can edit. Are you saying there is some bar to creating an account that prevents some people from editing? People can choose to use an account name or choose to edit from an IP address. You're suggesting making account names mandatory and dynamic, I'm not seeing how that is a necessary outgrowth of anyone can edit. We want the edits. We don't need to know the rest, and never have. If we needed to know that information, we would have decided not to permit account-based editing in the first place. There's no template at the bottom of the talk pages of editors with accounts that allows identification and geolocation of their IP. If it's useful for logged-out editors, it is just as useful for logged-in ones, according to the transparency logic. Sure - the same principle that makes IP information useful for transparency purposes works as well on IP editors as it does on account holders. But account holders have chosen to restrict access to that information, and IP editors have not. A better solution to mandating automatically assigned account names is to provide reasonable education and disclosure (say, a pop-up on first edit or something else fairly prominent) to people editing without an account. That way we let users judge privacy for themselves, and preserve the usefulness of IP data when a user chooses to disclose it. Risker wrote: I am struggling to think of any other website of any nature that I have ever visited that publicly identifies editors/posters by their IP address, except for a few other wikis. I've seen unregistered user before, and similar nomenclature. Can anyone think of another site (regardless of purpose) that links the editor/poster publicly to their full IP address? IP address, no. Facebook profile (which is, as for most people, under my real name)? Sure. Even so, a comparison between Wikimedia and Google or the NY Times or Facebook or Gawker etc. fails because it does not recognize the many philosophical and practical differences between those sites and a Wikimedia project. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Wed, Jun 13, 2012 at 3:49 PM, Risker risker...@gmail.com wrote: Nathan, I'm still trying to come up with *any* site that permits unregistered users to post but also publishes their full IP address. Can you think of any at all? Let's not limit it to the big guys, let's really think this through and explore what is going on outside of our own bailiwick. Just because we've done things for a long time doesn't mean we shouldn't improve ourselves. Well, there are many sites (my local newspaper for instance) that permit users with no site-specific registration to comment, but only using a Facebook profile. Assuming the commenter is following Facebook's account policies, that is at least as revealing as an IP address. And we can just as easily look at it from the other direction - are there really other sites out there like Wikipedia, with our mix of mission and global impact for a user-generated product? I think Wikipedia is unique in many ways, and I believe that renders the comparison you're attempting to make not useful. And finally, you take for granted a principle that I have challenged - mandating complete anonymity for all users (other than those who edit using a real name) is not, in my view, the same as improv[ing] ourselves. I'd like to get other opinions on this, so I'm going to hold off on posting again in this thread... at least for as long as I can stand it :-P ~Nathan ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Fri, Jun 01, 2012 at 11:12:58PM +0200, Erik Moeller wrote: Hi all, We're planning to do limited production testing of IPv6 during the Berlin Hackathon 2012 (June 2-3). Provided that the number of issues we encounter are manageable, we may fully enable IPv6 on IPv6 day, and keep it enabled. What with XS4ALL (my ISP) now also offering IPv6 out-of-the-box, there's at least one extra IPv6 anon on en.wp. ;-) I noticed that my current IPv6 address appears to be assigned dynamically by XS4ALL. I can probably get static if I choose it. But the dynamic assignment option does alleviate some people's privacy concerns, right? sincerely, Kim Bruning ps. We all know that everyone needs to switch to IPv6 eventually. Don't be surprised when people in your neighborhood decide to do so, with or without additional warning. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
Hi folks, Mark Bergsma just shared the following recap with me, for those who are interested in the details of what happened at the hackathon and next steps. tl;dr: If all goes well we'll be ready to launch full production deployment on Wednesday, starting around 10AM UTC (MediaWiki engineers will be working closely with the ops team Wednesday to monitor bugs/issues). Keep an eye on the server admin log and the puppet repo if you want to know what's going on in full detail: http://wikitech.wikimedia.org/view/Server_admin_log https://gerrit.wikimedia.org/r/#/q/status:merged+project:operations/puppet,n,z Erik - - - The last few days we've worked on getting the software ready (mainly PyBal/LVS) as well as Puppet support for provisioning of IPv6 addresses to servers and configuration changes for IPv6 connectivity. That's now 90% done. What remains is mostly to actually roll this out for all services in all data centers, which we will be doing tomorrow. Besides that, we have a few would be nice to haves left to do, such as having our own 6to4 and miredo relays. I just got the first LVS service running with IPv6, and am now browsing upload.wikimedia.org over IPv6 (local /etc/hosts entry of course, not in DNS yet). ipv6 support for LVS in Ubuntu Precise was the last major uncertain factor on the infrastructure side; besides a few quick tests in labs we had not really tested this yet in our production setup. Fortunately, it appears to be working fine. Tomorrow the remaining (inactive) LVS balancers will be reinstalled with Precise and made IPv6-ready to support all other services, while the currently active IPv4 balancers will keep their current setup for some time to come - so we won't hit any surprises on IPv4 at least. But, we haven't done any production tests with MediaWiki yet. We can do some dark testing and actual edits tomorrow. Assuming we see no surprises there, we can enable it for the all wikis and the general public on Wednesday. To conclude, we're on track on the infrastructure side. It is tight, though. Assuming the MediaWiki side has no unwelcome surprises for us, I expect to be able to make it. -- Erik Möller VP of Engineering and Product Development, Wikimedia Foundation Support Free Knowledge: https://wikimediafoundation.org/wiki/Donate ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Jun 2, 2012, at 6:13, Anthony wikim...@inbox.org wrote: On Sat, Jun 2, 2012 at 8:49 AM, Thomas Dalton thomas.dal...@gmail.com wrote: On 2 June 2012 13:44, Anthony wikim...@inbox.org wrote: On Fri, Jun 1, 2012 at 7:27 PM, John Du Hart compwhi...@gmail.com wrote: What personal information do you think is contained in an IPv6 address? Don't they sometimes contain MAC address information? I don't know, but I wouldn't consider my MAC address to be personal information... you might be able to work out what brand of computer I'm using, but I can live with that. I'm not sure what you're defining personal information as, then. Is your vehicle's VIN personal information? It becomes a global unique publicly visible identifier if you always use the same connect method (wireless, ethernet) and don't enable privacy extensions. In WMF relevant senses, unaware abusers with multiple ISPs become easier to find. And privacy is different, because many end users are IDed that way. But the implications of that are unclear. Someone being outed to an employer or government by MAC? ... George William Herbert Sent from my iPhone ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
John Du Hart wrote: On Fri, Jun 1, 2012 at 7:08 PM, Risker risker...@gmail.com wrote: Erik, what time is this scheduled to go live? And on which projects? Please be specific here. I am gravely concerned about the privacy issues that are attached to IPv6 IP addresses, as they are in many cases almost personally identifying information, something that is not permitted to be released under our privacy policy. Have arrangements been made to hash these IP addresses to prevent them from being publicly available? What personal information do you think is contained in an IPv6 address? I wondered what Risker was referring to as well, so I looked up IPv6 + privacy: https://en.wikipedia.org/wiki/IPv6#Privacy. After reading that section, it's still unclear to me whether IPv6 is significantly more privacy invasive than IPv4. MZMcBride ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On 02/06/12 05:04, Hersfold wrote: I'm very concerned that this is what's going to happen with the IPv6 change - something major is going to fail, and the wiki will become inaccessible, or some major security feature (blocking or protection, for example) will be rendered inoperable, leaving the wikis vulnerable to attack from all fronts. The latter situation seems to be more likely based on past issues, and unfortunately more problematic; once these issues get noted, it'll take only minutes for /b/, GNAA, and a long list of other vandals to figure it out and launch a full-scale attack that'll take weeks to clean up. We could just allow blocking of arbitrarily large IPv6 ranges. Then if there is some emergency, you can just block everyone who is using IPv6 from editing. The collateral damage would be smaller than the IPv4 /16 blocks which admins apply routinely. -- Tim Starling ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
Hi Risker et al, a few important points: * IPv6 adoption is still below 1% globally [1]. * It's likely that we'll encounter network-level issues well before we hit application-level issues during limited production testing. * In the event that we manage to resolve all issues, it's likely that we'll only see very limited use/abuse of IPv6 addresses and that we'll have plenty of time to adjust procedures and documentation. * We can abort this fairly easily, or as Tim suggests, employ global blocks of IPv6 addresses to manage abuse. As noted, the plan is to engage in limited production testing this weekend, with possible full deployment by IPv6 Day (Wednesday). I should also note that the degree to which all the complex network and software interactions of a deployment like this can be tested without actually changing or affecting production operations is limited. We're going to be debugging issues in real-time. I appreciate that this is very short notice for lots of people and apologize for that; thanks to Tilman for helping with the global notice dissemination. There's pretty good likelihood that aside from maybe some brief service interruptions, the user impact is going to be close to nil, either due to an abort early on, or due to very limited IPv6 usage. Moving towards full IPv6 support is part of our responsibility as a good Internet citizen, and this has been in the works for a long time. It's never been an option not to do this as IPv4 addresses are being exhausted. Regarding privacy, both IPv4 and IPv6 addresses can be dangerously revealing in terms of personal identity (e.g. some ISPs even tie street address information to your IPv4 address). It's always been fundamentally problematic that MediaWiki reveals this information nakedly, and it's what enabled past large-scale investigations like WikiScanner, for good and for ill. In the mid to long term, I believe we need to investigate moving away from full disclosure of IP addresses when editing without logging in, but this is independent of IPv4/IPv6. All best, Erik [1] https://www.google.com/intl/en/ipv6/statistics/ -- Erik Möller VP of Engineering and Product Development, Wikimedia Foundation Support Free Knowledge: https://wikimediafoundation.org/wiki/Donate ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Sat, Jun 2, 2012 at 8:49 AM, Thomas Dalton thomas.dal...@gmail.com wrote: On 2 June 2012 13:44, Anthony wikim...@inbox.org wrote: On Fri, Jun 1, 2012 at 7:27 PM, John Du Hart compwhi...@gmail.com wrote: What personal information do you think is contained in an IPv6 address? Don't they sometimes contain MAC address information? I don't know, but I wouldn't consider my MAC address to be personal information... you might be able to work out what brand of computer I'm using, but I can live with that. I'm not sure what you're defining personal information as, then. Is your vehicle's VIN personal information? ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Sat, Jun 2, 2012 at 6:13 AM, Anthony wikim...@inbox.org wrote: On Sat, Jun 2, 2012 at 8:49 AM, Thomas Dalton thomas.dal...@gmail.com wrote: On 2 June 2012 13:44, Anthony wikim...@inbox.org wrote: On Fri, Jun 1, 2012 at 7:27 PM, John Du Hart compwhi...@gmail.com wrote: What personal information do you think is contained in an IPv6 address? Don't they sometimes contain MAC address information? I don't know, but I wouldn't consider my MAC address to be personal information... you might be able to work out what brand of computer I'm using, but I can live with that. I think that having a problem with the implementation of IPv6 is about 10 years too late now ;) The IPv4 space is being exhausted, and we're going to soon run into the opposite problem that IPv4 addresses will be not identifiable enough as ISP's use NAT. If someone cares about their mac address information, they can use privacy extensions - http://en.wikipedia.org/wiki/Ipv6#Privacy . Considering that in the vast, vast majority of the consumer (versus production) world, you have to purposefully enable IPv6 (usually with some sort of tunneling), and that these are turned on in most operating systems by default, mac addressing is starting to only become applicable in production environments. Leslie -- Leslie Carr Wikimedia Foundation AS 14907, 43821 http://as14907.peeringdb.com/ ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Jun 2, 2012, at 5:06 AM, Erik Moeller e...@wikimedia.org wrote: Moving towards full IPv6 support is part of our responsibility as a good Internet citizen, and this has been in the works for a long time. It's never been an option not to do this as IPv4 addresses are being exhausted. This is the relavent point. For what it is worth I, who am less inclined to follow technical discussions than other kinds, remember that there was enough talk about approaching IPv6 day last year to feel it was settled that WMF was unprepared to participate at that time would make it happen in 2012. It was either here or on wikitech-l. I am not sure how someone who has strong opinions on the subject would be left unable to follow this when I followed with no such interest. Moe importantly, I don't understand what exactly the objectors see as a better option. No one will fix the scripts until they are broken, it is just the nature of the beast. It seems the whole point of IPv6 day is that no one is very confident about level of breakage of things with IPv6 and no one will be able to gain this confidence until a significant number of sites turn it on and there is not another choice on the matter. Objecting to turning on IPv6 because things will break does not seem to be very informed. This is the point. If anyone doesn't trust that WMF will only make a day of it if the breakage is unmanageable, then they've bigger issues than IPv6. And even still, the sun will rise and we will have a few less IPv4 addresses everyday; there are much better battles to pick. Birgitte SB ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Fri, Jun 1, 2012 at 5:12 PM, Erik Moeller e...@wikimedia.org wrote: Hi all, June 6, 2012 is IPv6 Day ( http://www.worldipv6day.org/ ). The goal of this global event is to move more ISPs, equipment manufacturers and web services to permanent adoption of IPv6. We're planning to do limited production testing of IPv6 during the Berlin Hackathon 2012 (June 2-3). Provided that the number of issues we encounter are manageable, we may fully enable IPv6 on IPv6 day, and keep it enabled. Thanks Erik and all who are working on this! It's important work and I'm glad to see us joining the community of sites and organizations who are prepared for this necessity. (Acknowledging the potential issues others have mentioned, I'm also glad to see it while there are still few users who will be using IPv6, so the problems that arise will be much smaller than they would be in the future.) Cheers, Kat -- Your donations keep Wikipedia free: https://wikimediafoundation.org/wiki/Donate Web: http://www.mindspillage.org Email: k...@wikimedia.org, k...@mindspillage.org (G)AIM, Freenode, gchat, identi.ca, twitter, various social sites: mindspillage ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On Fri, Jun 1, 2012 at 11:20 PM, Huib Laurens sterke...@gmail.com wrote: In our case here we give away /48 IPV6 to users by default. So I'm wondering, when a IP vandalize Wikipedia or any other project and a block will be placed, how is this done? Will the block just hit the IP or will it block a complete range to start with? My understanding is that it currently doesn't apply a range by default, so it would just hit the specific IP unless you apply a CIDR suffix like /48 or /64. This is discussed in more detail here: https://bugzilla.wikimedia.org/show_bug.cgi?id=24294 -- Erik Möller VP of Engineering and Product Development, Wikimedia Foundation Support Free Knowledge: https://wikimediafoundation.org/wiki/Donate ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On 1 June 2012 17:12, Erik Moeller e...@wikimedia.org wrote: Hi all, June 6, 2012 is IPv6 Day ( http://www.worldipv6day.org/ ). The goal of this global event is to move more ISPs, equipment manufacturers and web services to permanent adoption of IPv6. We're planning to do limited production testing of IPv6 during the Berlin Hackathon 2012 (June 2-3). Provided that the number of issues we encounter are manageable, we may fully enable IPv6 on IPv6 day, and keep it enabled. MediaWiki has been used with IPv6 by third party wikis for some time. Wikimedia uses a set of additional features (GlobalBlocking, CheckUser, etc.) which weren't fully IPv6-ready until recently. In addition, we're working to ensure that all of Wikimedia's various services (mailing lists, blogs, etc.) are IPv6-ready. == What's the user impact going to be? == At least in the June 2-3, 2012 time window, you may see a small number of edits from IPv6 addresses, which are in the form 2001:0db8:85a3:::8a2e:0370:7334. See [[w:IPv6 address]]. These addresses should behave as any other IP adress would: You can leave messages on their talk pages; you can track their contributions; you can block them. CIDR notation is supported for rangeblocks. An important note about blocking: A single user may have access to a much larger number of addresses than in the IPv4 model. This means that range blocks (e.g. address with /64) have to be applied in more cases to prevent abuse by more sophisticated users. In the mid term, user scripts and tools that use simple regular expressions to match IPv4 addresses will need to be adapted for IPv6 support to behave correctly. We suspect that IPv6 usage is going to be very low initially, meaning that abuse should be manageable, and we will assist in the monitoring of the situation. User:Jasper Deng is maintaining a comprehensive analysis of the long term implications of the IPv6 migration here: https://en.wikipedia.org/wiki/User:Jasper_Deng/IPv6 We've set up a test wiki where you can see IPv6 IP addresses. This works by assigning you a fake IPv6 address the moment you visit the wiki, and allows you to see the behavior of various tools with the new address format: http://ipv6test.wmflabs.org/wiki/index.php/Main_Page The best way to report issues is to register them in Bugzilla and to ensure that they are marked as blockers for the IPv6 tracking bug: https://bugzilla.wikimedia.org/show_bug.cgi?id=35540 We'll post updates to wikitech-l and elsewhere as appropriate. All best, Erik Erik, as I am sure has been conveyed to you, some very serious concerns have been identified with respect to this from the checkuser corps (and I mean the global level, not just one or two projects). In particular, the lack of notification, the inability to suddenly redevelop hundreds of tools and scripts that are not IPv6-friendly, and the fact that there is significant uncertainty as to exactly how various standard tools such as CheckUser and Block actually will work, all mitigate against a full, WMF-wide implementation, even for the short term. I would very strongly urge two things: 1) Get the global notice up and running now. Mailing lists reach less than 0.05% of regular users. 2) Consider implementation on only a small segment of projects, preferably ones that have a small but active Checkuser/Admin team who is interested in participating in this experiment. Frankly, I do not believe that many of the aspects of this proposed implementation have been considered; in particular, there are pretty significant privacy issues that have not been discussed or addressed. When one is giving a Bugzilla link to illustrate that something has been discussed, it demonstrates pretty soundly that probably no more than 40 users (out of tens of thousands) have any knowledge whatsoever about the proposal. Let's try to find some middle ground here, okay? Risker/Anne ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
On 2 June 2012 00:08, Risker risker...@gmail.com wrote: Fully enabling IPv6 has been coming a *long* time - over a year, with months of planning and work before even that - as Erik's first message in this thread notes, and it was hardly a secret. Your objections may be entirely too late - it is vanishingly unlikely that two years' effort will suddenly be thrown away. Were you literally unaware until now that this was in the works? - d. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
Indeed, a long time. Discussed on Mediawiki and bugzilla; it's not even discussed on Wikitech-L. Neither of which 99.9% of users, including many volunteer developers, have time to follow. This is not just a technical change, it's a cultural one. I've long stood up for the Engineering Department when it is making changes that have only minor effects on the public face of the project; I know that sometimes users can be hyperactive about minor points. But this isn't a minor point. I'd compare it to Vector - something that there was longterm, active communication about throughout its development cycle, with lots of outreach to volunteer developers and to the community, and opportunities to test things out. I can't stand up for them this time, though. It's not even discussed well on Mediawiki, and is mostly in passing on the Roadmap.[1] And the few community-based questions that have come up, specifically on Erik's meta userpage, have not been given the courtesy of a reply. Risker [1] http://www.mediawiki.org/wiki/Roadmap On 1 June 2012 19:35, David Gerard dger...@gmail.com wrote: On 2 June 2012 00:08, Risker risker...@gmail.com wrote: Fully enabling IPv6 has been coming a *long* time - over a year, with months of planning and work before even that - as Erik's first message in this thread notes, and it was hardly a secret. Your objections may be entirely too late - it is vanishingly unlikely that two years' effort will suddenly be thrown away. Were you literally unaware until now that this was in the works? - d. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
I've got about 18 months worth of Wikitech-L in my archives, and there are two threads that talk about IPv6; one from March, that didn't provide a lot of information, and this one. There may be others, but they're not popping up on my search. Forgive me for failing to read this week's signpost from cover to cover yet; it refers to the previous coverage from June 2011, and quotes Erik Moeller from some unknown and unspecified source. I don't know where he told the community that. Do you? Risker On 1 June 2012 20:10, John phoenixoverr...@gmail.com wrote: Wow Risker, you obviously don't read any mailing lists/ blogs or sign posts. I just did a quick search of my email records for wiki tech and ipv6 the first result that I see is from July 2007. Almost 5 years ago, I also remember a big push last year about this same time for ipv6. On Friday, June 1, 2012, Risker wrote: Indeed, a long time. Discussed on Mediawiki and bugzilla; it's not even discussed on Wikitech-L. Neither of which 99.9% of users, including many volunteer developers, have time to follow. This is not just a technical change, it's a cultural one. I've long stood up for the Engineering Department when it is making changes that have only minor effects on the public face of the project; I know that sometimes users can be hyperactive about minor points. But this isn't a minor point. I'd compare it to Vector - something that there was longterm, active communication about throughout its development cycle, with lots of outreach to volunteer developers and to the community, and opportunities to test things out. I can't stand up for them this time, though. It's not even discussed well on Mediawiki, and is mostly in passing on the Roadmap.[1] And the few community-based questions that have come up, specifically on Erik's meta userpage, have not been given the courtesy of a reply. Risker [1] http://www.mediawiki.org/wiki/Roadmap On 1 June 2012 19:35, David Gerard dger...@gmail.com javascript:; wrote: On 2 June 2012 00:08, Risker risker...@gmail.com javascript:; wrote: Fully enabling IPv6 has been coming a *long* time - over a year, with months of planning and work before even that - as Erik's first message in this thread notes, and it was hardly a secret. Your objections may be entirely too late - it is vanishingly unlikely that two years' effort will suddenly be thrown away. Were you literally unaware until now that this was in the works? - d. ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org javascript:; Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org javascript:; Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l ___ Wikimedia-l mailing list Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
Re: [Wikimedia-l] Update on IPv6
Sorry if I'm veering off on a tangent or repeating things here, I only just got added to this list a short while ago but was asked to convey my concerns here. While this has been discussed for some time, it seems as though the announcement that this is getting turned on was only made just recently; the coverage on January 16th John refers to doesn't seem to mention when this was going to be deployed, and I don't recall any mention on-wiki of IPv6 since then. For such a potentially major change, five day's notice is simply not enough for the entire community to digest. As it is, I still don't see any mention of this change on en.wiki's Technical or Miscellaneous Village Pump, nor either Administrator's Noticeboard, the common announcement locations for such changes. My second, and more pressing concern, is how well this will work. Speaking quite frankly, the development team has a bit of a bad habit of deploying something on Labs or the test wiki or whatever, deciding it works, and then deploying it straight to Wikipedia and the other public WMF sites. Unfortunately when they do so, hell breaks loose because all sorts of problems crop up - bugs that didn't crop up because the test wiki receives far less traffic than Wikipedia, issues with the interface that weren't addressed now cause problems because the users of Wikipedia don't use the test wiki, and it takes weeks for the issues to get fixed and/or for the community to adjust to the changes. Considering the traffic Wikipedia receives (it's the 5th most popular website in the world, after all), it seems remarkably inappropriate to treat it as a beta testing ground. I'm very concerned that this is what's going to happen with the IPv6 change - something major is going to fail, and the wiki will become inaccessible, or some major security feature (blocking or protection, for example) will be rendered inoperable, leaving the wikis vulnerable to attack from all fronts. The latter situation seems to be more likely based on past issues, and unfortunately more problematic; once these issues get noted, it'll take only minutes for /b/, GNAA, and a long list of other vandals to figure it out and launch a full-scale attack that'll take weeks to clean up. Can we receive some sort of assurance from the development team that the IPv6 system has been fully stress-tested, at a level comparable to what Wikipedia and the other wikis may face, and that all extensions used by the wikis were part of this test? If such an assurance cannot be made before June 6th, can the deployment of this update be delayed until that testing can be completed? For such a major website, I feel that consistent operation is more important than adhering to the latest standards. User:Hersfold hersfoldw...@gmail.com On 6/1/2012 9:17 PM, George Herbert wrote: I've been a little busy this spring, but I am interested in the IPv6 transition (at work, too) and missed this here as well. I don't object as Anne is here, but I'm not doing the work she's doing on project either. -george On Fri, Jun 1, 2012 at 5:35 PM, Johnphoenixoverr...@gmail.com wrote: Multiple sign posts January 17 this year. There was also a May 2011 foundation announcement along with countless other notes On Friday, June 1, 2012, Risker wrote: I've got about 18 months worth of Wikitech-L in my archives, and there are two threads that talk about IPv6; one from March, that didn't provide a lot of information, and this one. There may be others, but they're not popping up on my search. Forgive me for failing to read this week's signpost from cover to cover yet; it refers to the previous coverage from June 2011, and quotes Erik Moeller from some unknown and unspecified source. I don't know where he told the community that. Do you? Risker On 1 June 2012 20:10, Johnphoenixoverr...@gmail.comjavascript:; wrote: Wow Risker, you obviously don't read any mailing lists/ blogs or sign posts. I just did a quick search of my email records for wiki tech and ipv6 the first result that I see is from July 2007. Almost 5 years ago, I also remember a big push last year about this same time for ipv6. On Friday, June 1, 2012, Risker wrote: Indeed, a long time. Discussed on Mediawiki and bugzilla; it's not even discussed on Wikitech-L. Neither of which 99.9% of users, including many volunteer developers, have time to follow. This is not just a technical change, it's a cultural one. I've long stood up for the Engineering Department when it is making changes that have only minor effects on the public face of the project; I know that sometimes users can be hyperactive about minor points. But this isn't a minor point. I'd compare it to Vector - something that there was longterm, active communication about throughout its development cycle, with lots of outreach to volunteer developers and to the community, and opportunities to test things out. I can't stand up for them