On Wed, Jun 13, 2012 at 1:36 PM, FT2 <ft2.w...@gmail.com> wrote:

> IPv6 is designed to operate on a "one IP = one device/connection" (non-NAT)
> basis, far more than IPv4.  Privacy policy coversd "personally identifiable
> information".  An IP becomes personally identifying when it broadly allows
> a person to be identified.  If IPv4 can be "personally identifying" then
> IPv6 is guaranteed to be more so, because of its design and intended usage.
> It looks like the switch to making the "UserID on public record" more
> anonymous for non-logged in users (hashing their IP for example) could
> usefully be brought in, simultaneous with or parallel to IPv6.  As Erik
> says, both are desirable verging on necessary at some point, and the one
> mitigates against the issues of the other.
> It serves a second purpose - a good system providing a more anonymous
> "UserID of public record" would also mean that IPv4 and IPv6 users would
> have similar "names" in the public record and block lists, meaning that the
> same tools and interfaces would work equally with both.  This would
> simplify matters for future as well.
> Without second guessing a suitable method, I would like to see unlogged-in
> users represented by a "name" of the form "IP user XXXXXXX" or "Not logged
> in YYYYY" or some such; there would be difficulties in that we want similar
> IPs to look similar without providing easy ways to identify the genuine
> underlying IP (eg by noticing other similar XXXX's whose IPs are known).
> It's also going to have implications for vandalism and abuse related
> activities, where it is often helpful that action is easily identified as a
> similar IP.  It would be nice not to lose that sense of "similar IP" while
> not exposing the genuine IP.
> Choice of method is a technical matter, I'd suggest if we move on both,
> then hopefully IPv6 will mark a step where anonymity improves and is
> available to logged in and not logged in users.   But either way, IPv6 does
> have privacy implications for non-logged in users. IPv4 did too, but
> historically we let it alone and it was less severe. With IPv6 it may not
> be, and action would be much more important.
> FT2
Why is "improving anonymity" a goal? Our privacy policy governs the
disclosure of non-public information, but the IP addresses of editors
without an account have always been effectively public. Are IP editors
clamoring for more privacy? Is masking IPv6 addresses more important than
the uses to which IP addresses are currently put? Is masking a better way
to solve the problem of potentially more identifiable information in IPv6
than, say, a more prominent disclosure and disclaimer? Would masking the IP
addresses only for logged-out users be a worthwhile change, given the ease
of registering an account? Would they remain masked in the histories of
project dumps? There are a lot of questions to answer here before it's
reasonable to start suggesting changes be made, and these are only some.
Wikimedia-l mailing list
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l

Reply via email to