Wikidata talk:Requests for comment/IP Masking Engagement

I think this is a good idea, as it's not safe for people's IP addresses to be publicly visible (and stored permanently in revision histories). However, IP addresses should be visible to admins only, to not impact moderation. I read about the auto-generation of nicknames for unregistered users, however their IP should be recorded and be accessible to administrators. MavropaliasG (talk) 12:49, 10 May 2021 (UTC)[reply]

MavropaliasG, thank you for noting this. Do you think a means like the IP Info tool will help give a win-win situation for both privacy and moderation? Or would you like to propose a new tool all together? I am interested in any concept you have. Looking forward to hearing from you again. ––– STei (WMF) (talk) 22:06, 25 May 2021 (UTC)[reply]

Hello MavropaliasG, I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:32, 14 June 2021 (UTC)[reply]

It looks good! I'm not sure why registered users with 1-year-old accounts should be able to access that information, as then basically everyone will be able to access it, so it defeats the purpose. But I like this proposal much more! MavropaliasG (talk) 08:48, 21 June 2021 (UTC)[reply]

If someone need to mask their IP for whatever reason, why not create an account that not even requires and email and mask their IP that way? I strongly oppose. Mauricio V. Genta (talk) 14:31, 10 May 2021 (UTC)[reply]

"If someone need to mask their IP for whatever reason, why not create an account that not even requires an email and mask their IP that way?" Yes Mauricio V. Genta, I have been thinking the same thing. But I have something for you here. It's a report on the value of IP Editing (editing without an account).

Also, I have heard some community folk share stories of how IP Editing (and not bothering with creating an account) on their first-day of editing gave them easy access and kept them coming back. Maybe we are still considering such people? That made me pause for a bit.

However, we still need to agree on the future, and this engagement will assist us to do this. You can check out DKinzler (WMF)'s comment about Temporary Accounts. Is that something of interest? Gracias! ––– STei (WMF) (talk) 22:16, 25 May 2021 (UTC)[reply]

Hello Mauricio V. Genta, I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:33, 14 June 2021 (UTC)[reply]

As far as I can see, this would make it impossible to effectively combat vandalism, without adding any benefit. There are some IP-Ranges, whose recent contributions I regularly check, cause they are the frequent source of vandalism. It seems to me, that you want to take away the possibility to do so. This will also give anonymous users the possibility to harass other people, and hindering fast detection. There are some IP ranges, that are known to add insulting statements (i.e. harassment) to items about certain living people. But since this has already been decided by the foundation without achieving consensus in the community, it's probably pointless to elaborate any further. It's just very frustrating to spend hundreds of hours combating vandalism, just to have the foundation that I am paying to help the community is instead putting a lot of unnecessary obstacles in the way. It's usually not my style to write a rant like this, but after reading this absurd "RfC" i really felt the need to vent about this decision. If you don't want to have your IP address publicly logged, create an account, for gods sake. -- Dr.üsenfieber (talk) 22:32, 10 May 2021 (UTC)[reply]

Dr.üsenfieber yours fears are real and hey, feel free to rant. Volunteer editors build these wikis and you should be able to speak your mind. And your notion of this engagement is about absurdity because you would prefer that we make account registration a take it or leave affair. But you know this Movement, we discuss everything and not just that, we have people who are worried about the missing value of IP editing and also the barrier of account creation. And then lastly, while we are internally figuring this out, the times are calling for more privacy for users. Hard decisions need to be taken. –––STei (WMF) (talk) 22:44, 25 May 2021 (UTC)[reply]

Without being familiar with the whole picture solutions to the one problem you know have the potential to increase problems in every other aspect, to create new problems and to surface problems that have been kept in relative control for a long time. I am not going to deny that the way IPs are dealt with in our wikis is a delicate matter, but it does not make sense to me that we talk about changing the way we "do IPs" without talking about anti-harassmant tools, procedures etc. Anyone who has taken part in anti-vandalism campaigns, newbie patrolling, toxic editor pushbacks or similar knows how hard this job is with the possibilities we have had so far. What I urge for is not just a promise that there is awareness for these issues but for "whole picture solutions" that come along with what is planned here. → «« Man77 »» 16:55, 11 May 2021 (UTC)[reply]

«« Man77 »» would you like to propose tools? You can look at this page and let me know what you think will work, or even build your own ideas. You should also look at the two proposed in the RFC (Sockpuppet Detection Tool and IP Info Tool). You can email me, or we can document what you have; just let me know. ––– STei (WMF) (talk) 22:44, 25 May 2021 (UTC)[reply]

Hello «« Man77 »» , I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:34, 14 June 2021 (UTC)[reply]

The only way to find that out is to have the new API available along for the old API for a good portion of time and see whether the old API is still needed.

The general idea of software development is to make minimum viable products. You deploy the minimum viable products and see whether they do the job and where they need to be improved. There's no reason to use the waterfall approach here. Deploy the new API's and well see whether they do the job or whether there's still something for which the old API's are needed. Wait a few months, ask for what the old API's are needed and then work on solving those usecases. Only when all the usecases are solved, the old API should be shut off. ChristianKl ❪✉❫ 10:50, 11 May 2021 (UTC)[reply]

Hello ChristianKl ❪✉❫, I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:36, 14 June 2021 (UTC)[reply]

Over the past months and years, I have heard two things discussed in this context: IP masking (representing an anonymous editor by a random string rather than their network address) and temporary account creation (creating an account with a random name).

I think it's important to understand that these two things are quite different, and have very different implications for the engineering as well as for admin workflows. They achieve a similar thing, but in very different ways. IP masking is easier to implement, but has less potential for improving experience and engagement for new users. Temporary accounts are more of a chellange technically, and require us to re-think a critical aspect of edit patrolling workflows: identifying anonymous edits.

If we automatically create accounts, there are no more anonymous edits. But we still need some easy way to flag "casual edits" for patrolling, so we would need some kind of "temporary user" flag. Would that be synonymous with "anonymous"? Would the two concepts live side by side?

Anyway, my point is: we have to make sure we always know which of the two options we are discussing, and what the implications are. -- DKinzler (WMF) (talk) 10:53, 11 May 2021 (UTC)[reply]

Hello DKinzler (WMF), I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:37, 14 June 2021 (UTC)[reply]

Forcing myself to be more wholesome, then earlier. I tried to compile a (non-exhaustive) list of requirements that I'd see, to minimize the harm, that the decision of the foundation does to anti-vandalism work.

Non-functional Requirements

• Accessibility: A lot of counter-vandalism is done by non-admins, who do not have elevated privileges other then autoconfirm/rollbacker. Information that is necessary to identify and track vandals (i.e. all features mentioned below) must be accessible to all users who need it, not just admins.
• Compatibility: All changes should be implemented in ways that do not break existing third-party counter-vandalism-tools.

Functional Requirements

• Pseudonymity: There must be a possibility to identify all contributions from the same IP. IPs could be replaced with a pseudonym in version histories. Pseudonyms must enable everyone to ping contributors and leave them a message on their talk page.
• Range checks: Long-term vandals tend to use the same IP range for a long period of time. There must be a feature that enables vandalism-fighters to see the AS a user is accessing from. The ASN can be replaced with a pseudonym. There must be a possibility to see the recent contributions from a given AS.

-- Dr.üsenfieber (talk) 20:57, 12 May 2021 (UTC)[reply]

There is also one big problematic group - scholl vandals. On cs.wiki there is abusefilter which marks in RC all edits made from certain IP. And because we know, that some of these IP belongs to "Elementary school in Lower Upper", we can write to this school "Hello, you have some student, which makes stupid edits on WIkipedia every monday between 9-10, please, can you do something with it?" JAn Dudík (talk) 12:27, 17 May 2021 (UTC)[reply]

Hello JAn Dudík, I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:39, 14 June 2021 (UTC)[reply]

@STei (WMF): Will this be a global right? I.e. will I still be able to hunt cross wiki vandalism, without requesting global adminship? -- Dr.üsenfieber (talk) 06:31, 16 September 2021 (UTC)[reply]

Given the problems at Wikidata, it would be more helpful if WMF staff would help local admins deal with problems generated by IP rathers than making it harder to identify them. --- Jura 06:24, 20 May 2021 (UTC)[reply]

Hello Jura, I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:40, 14 June 2021 (UTC)[reply]

• Wondering why this should be so difficult. Simply replacing the IP with a code that is unique for that IP would do the trick, won't it? Only checkusers would need to see the naked IP. Whenever an IP'er makes their first edit, they will get a code and they keep it as long as they use that IP. Ideally this code would be human readable, containing the timestamp, e.g. two random consonants, the timestamp and possibly a tail of random numbers. Say XM-2021-05-14--09:23--0982 for someone who made their first ever edit this morning. Such an implementation would actually enhance vandalism control, as the code is much more readable than an IP, especially the v6 variety — bertux 19:37, 14 May 2021 (UTC)[reply]
  • Or does even such a begign code pose a risk for users in repressive countries? Strictly taken a secret agency could infer information about time zone and topics of interest from the code. But I think there are easier ways to track citizens than analyzing their Wikipedia behaviour — bertux 19:46, 14 May 2021 (UTC)[reply]

the problem is that you couldn't check the contributions of an IP range anymore, which will cause a lot of vandalism to go undetected for long periods of time. -- Dr.üsenfieber (talk) 09:32, 15 May 2021 (UTC)[reply]

This may hinge on technicalities. On Dutch Wikipedia talk pages for IPv6-ranges are routinely merged, stripping the last 16 numbers or so, and assuming they belong to the same editor. Perhaps an automated process could do this beforehand?

Hello — bertux, I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:40, 14 June 2021 (UTC)[reply]

In general I really like the concept idea of IP + (plus) IMEI (or IMAC) address being a unique code, but I would advise for there to be a way to identify countries, perhaps by using a country code like CHN, USA, NLD, Etc. -- Donald Trung/徵國單  (討論 🀄) (方孔錢 💴) 07:07, 26 May 2021 (UTC)[reply]

Hello 討論 🀄, I have some new information. In this update, there are details on the proposal for sharing IP addresses with those who need access and there’s also an update on tool development. Please pass by and check the new details out and give your feedback. STei (WMF) (talk) 15:44, 14 June 2021 (UTC)[reply]

You're mentioning that a new right will be introduced, that enable users who are combating vandalism to see IP addresses. I am wondering: Will this be a global right? From a Wikidata perspective it is crucial to be able to trace vandals across Wikis. Here's an example: 85.192.78.66 was vandalizing Spanish labels on Wikidata. It is likely that they where vandalizing in the Spanish Wikipedia as well, so I need to be able to go to es:Especial:Contribuciones/85.192.78.66 and check their contributions to eswiki, without having to ask for permissions in the local project. -- Dr.üsenfieber (talk) 10:53, 20 November 2021 (UTC)[reply]