Menu
▾
▴
#542 Hide IP address by unique encoding
I was new to WIKI and made some changes in a
controversial section of WIKI. My opponent and I were in
an another forum and he told everyone that he knows
my location and I was shocked. Later I knew WIKI keeps
the IP addresses of any user edit without a WIKI login.
Exposing an anonymous WIKI user's IP address and thus
location and possibly real identity for all to see is not
something a user would want. Often people want to
remain anonymous. The real IP address should only be
able to be accessed by special system administrators
and not any Sysop.
The WIKI system should allot unique identification
numbers to IP addresses, instead of giving the real IP
address. Technically, this would be simple to achieve:
Have a seperate column in the database Table for
Encoded IP address. Generate a random "Encoded IP" for
every real IP. Each real IP should have a unique Encoded
IP.
The aim is to protect the privacy of WIKI editors. I have
the right to keep my privacy.
Logged In: YES
user_id=446709
Create a user account then.
You do *not* have to provide an e-mail address (though if you don't, you
won't be able to recover a lost password).
Logged In: NO
I know I can create a useraccount. The fact remains: privacy
of anonymous users is being displayed publicly on a website
and this information can be used by malicious users to their
ends.
There is no need to display the real IP address. If the real IP
is being displayed, the location and possibly even the identity
of the user can be found out. I have been threatened myself
with such a threat just recently.
The best solution as I said, is to keep an encoded IP, or a
random number.
Logged In: YES
user_id=446709
This is the norm on wikis.
Logged In: NO
I agree to this feature.
Sometimes people forget to login. And then their IP is exposed.
I know you can allow only logged in users to edit. But it will
sometimes discourge users to give useful infomation.
Logged In: NO
I agree to this feature.
Sometimes people forget to login. And then their IP is exposed.
I know you can allow only logged in users to edit. But it will
sometimes discourge users to give useful infomation.
Logged In: NO
vibber wrote:
"This is the norm on wikis."
Once it was norm for people to beleive the Earth was flat. It
doesnt matter if its a norm or not, you have to see whether it
makes sense or not.
If the edit was done by a malicious user and the meaning of
IP addresses is to give sysops clues as to whether they
should ban the whole IP range, then IP ranges e.g. 210.10.*
can be named as random numbers, still generated as a unique
IP and this is trackable in the same way as any real IP
address.
Again: IP addresses should be encoded as other number, just
like you have some organizations creating their own ID
numbers for employees rather than using their SS# and
creating security risks for indentity thefts. This is the same
principle being used over there.
Logged In: YES
user_id=1071899
There is no obligation for you to create a user-id and log
in with it, but it provides you with this function. Yes,
there are times when you might not want people to realise it
was you who made the edit but that has to be balanced by the
nature of wikis being something that anyone can add to (or
destroy) thus needing a quick and simple way to track and
deal with problems.
If it is "special system administrators" who is to say how
long it might take someone to be able to assist ("not any
Sysop" means there is more likely to be a delay anyway) by
which time it could well be way too late. Wikis, like WP,
are self-healing only because there are enough people around
who care. Encoding would mean they still cared buyt couldn't
do anything about it!
I see no strong reason to create this option and stronger
reasons not to do so.
Logged In: NO
vampwillow
You didnt give any reason as to why a fake Psuedo IP
should'nt replace the real IP address. The real IP address
should only be accessible to a select FEW super-ops or
administrators incase they want to report action to the ISP.
Currently, IP addresses are there for any hacker or malicious
person to exploit. They can be used to track location and find
out the identity (yes its possible if you know something about
the person and then you also got the location it helps a lot).
I see no one wants to do this because it didnt effect them so
they think I'm talking plain junk.
I was nearly EXPOSED on a controversial discussion forum.
My location was to be leaked out, perhaps its been done
already - all because of WIKI put put my IP address for
everyone to see. I could learn to program and get into WIKI
and make this feature myself and no one would stop me, I
can gaurantee you but I dont have time. I thought I'd just
give a suggestion.
Thats how is it. Your son dies from lung cancer, only then
you start an anti-smoking organization. Otherwise no one
gives a jack about it. If you were in my situation you would
understand the important of this.
Tell me another thing: Why do you think all discussion forums
hide the real IP from the public? They have a good reason to
hide it from the regular public, dont they? Should WIKI expose
the real IP too then?
Again, no one has offered ANY logical reason as to why the
real IP should not be hidden from the masses. If sysops want
to TRACK people down, like I said, you should use fake IPs.
Only for serious action, super-ops should be allowed to
access the real IP ONLY for *reporting* purposes.
Logged In: YES
user_id=1126276
I still think this is a very good idea. I have this community for
young people. Aged 11-20 . And I would like to give each
profile a link to their own wiki page,which everyone can edit.
But I don't want anyone to be able to see the IP adresses of
the contributers.
The reason for this, is that young people likes to play around,
and destroy things.. And scare others that they know the IP
and can take control, DoS and so on.
Maybe the IP adresse could be presented as an MD5 hash of
the IP? or maybe just the first 7 characters of the has. Only
sysop can see the real ip.
Logged In: YES
user_id=1540616
Originator: NO
Wiki's are for the collaboration of information, nothing should be `controversial` that is what discussion is for. Articles are for information and fact, anything that has you being threatened is probably lacking a neutral point of view as it is.
That being said I find the IP's rather useful for finding vandals and following their trail of vandalism and cleaning it up, not that I couldn't do that with a number instead of an IP address. Also note that as It has been said registering an account hides your IP from all but the sys ops.
Any method used here the source for which will also be posted which depending on the method of token used will probably end up defeating the purpose of anyone determined to do anything. Security by Obfuscation isn't Security. md5 hashes of a ip address (32 bit int, or 7-15 character string with a ridged format) wont hold up long to a brute force ( < 30 mins probally).
Logged In: YES
user_id=1053535
Originator: NO
Please note that this feature request tracker is no longer used by the MediaWiki developers, so comments left here are unlikely to get their attention.
If you wish to request a feature, the correct place to submit it is http://bugzilla.mediawiki.org/