Edición de IP: Mejora de Privacidad y Mitigacion de Abusos

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
This page is a translated version of the page IP Editing: Privacy Enhancement and Abuse Mitigation and the translation is 44% complete.
Other languages:
English • ‎Türkçe • ‎español • ‎français • ‎italiano • ‎polski • ‎беларуская (тарашкевіца)‎ • ‎български • ‎中文 • ‎日本語


Main project page (discuss)
Ideas for privacy enhancement (discuss)  · Improving anti-vandalism tools (discuss)


Nota: Esta propuesta de proyecto está en etapa de borrador temprano. Vuestros comentarios son muy bienvenidos en la Página de discusión.

Resumen

El mundo está avanzando en la técnica y en la conciencia de la privacidad. Los usuarios son más conscientes que nunca del conjunto de su información personal y su uso, y como su incorrecto uso puede desembocar en acoso o abuso. Muchos sitios web, incluyendo los proyectos de Wikimedia, estan continuamente trabajando para reevaluar y mejorar las protecciones de privacidad de los usuarios. Como parte de ese esfuerzo, la Fundación Wikipedia se está embarcando en una mejora técnica de los proyectos, y nos gustaría vuestra opinión.

MediaWiki almacena y publica las direcciones IP de colaboradores no registrados (como parte de su firma, en el historial de la pagina y en los logs), visibles para cualquiera que visite nuestros sitios. La publicacion de dichas direcciones IP pone en riesgo la seguridad y anonimato de esos usuarios y, en algunos casos, pueden incluso llevar al peligro de la persecución gubernamental hacia esas personas. Debería ser posible proveer una protección de privacidad mejorada para los contribuyentes no registrados ocultando su IP cuando contribuyen a los proyectos.

Indiscutiblemente, los proyectos de Wikimedia tienen una muy buena razón para guardar y publicar las direcciones IP: juegan un papel crítico a la hora de mantener el vandalismo y el acoso fuera de nuestras wikis. Es muy importante que los contribuyentes, admins y funcionarios tengan herramientas que permitan identificar y bloquear vandalos, títeres, editores con conflicto de intereses y otros malos actores.

La Fundación Wikimedia cree que, trabajando con checkusers, ayudantes y anti-vándalos, es posible encontrar una manera de proteger la privacidad de nuestros usuarios mientras mantenemos nuestras herramientas anti-vandalismo trabajando como lo están haciendo ahora. A partir de ahí, se ha decidido en trabajar sobre como proteger las direcciones IP de nuestras wikis -- incluyendo restringir el número de personas que pueden ver las direcciones IP de otros usuarios, y reduciendo el tiempo que esas direcciones IP están almacenadas en nuestras bases de datos y en nuestros logs. Es importante indicar que una parte critica de este trabajo será para asegurar que nuestras wikis mantengan el acceso al mismo (o mejor) nivel de herramientas anti-vandalismo y que estén fuera del riesgo de afrontar abusos.

La Fundación Wikimedia no tiene todavía planes definidos sobre como abordar esta doble meta de proteger la privacidad del usuario manteniendo las herramientas a nuestros contribuyentes para proteger de forma efectiva nuestras wikis de vandalismos y abusos. Es vital que los desarrolladores trabajen en colaboracion con los checkusers, ayudantes y otros contribuyentes para identificar los cambios necesarios que se tienen que aplicar a las herramientas de proyecto y procedimientos de Wikimedia. Mientras hay algunas discusiones sobre las implicaciones técnicas y de seguridad de este proyecto, la Fundación Wikipedia está esperando oir de las comunidades Wikimedia acerca de las implicaciones sociales antes de decidir los siguientes pasos a tomar en este proyecto.

Este es un gran desafio, y es por eso que ha sido pospuesto año tras año. Pero en vista de la evolucion de los estándares de privacidad de los datos en Internet, la Fundación Wikimedia cree que es ahora el momento de atajar este problema.

Motivación

Una dirección IP puede ser usada para encontrar la ubicación geográfica de un usuario y/o institución, asi como otra información personal que permite identificarle, dependiendo de como y a través de quien se haya asignado la dirección IP. Esto muchas veces implica que dicha dirección IP pueda ser usada para fijar quien hizo exactamente una edición y desde donde, sobre todo si el pool del usuario es pequeño en una zona geográfica.

Concerns around exposing IP addresses on our projects have been brought repeatedly by our communities and the Wikimedia movement as a whole has been talking about how to solve this problem for at least fifteen years. Here’s a (non-exhaustive) list of some of the previous discussions that have happened around this topic:

Investigación

"Véase tambien:Research:IP masking impact report."

A Wikimedia Foundation-supported report on the impact that IP masking will have on our community.

Puntos clave

IP addresses are valuable as a semi-reliable partial identifier, which is not easily manipulated by their associated user. Depending on provider and device configuration, IP address information is not always accurate or precise, and deep technical knowledge and fluency is needed to make best use of IP address information, though administrators are not currently required to demonstrate such fluency to have access. This technical information is used to support additional information (referred to as “behavioural knowledge”) where possible, and the information taken from IP addresses significantly impact the course of administrative action taken.

On the social side, the issue of whether to allow unregistered users to edit has been a subject of extensive debate. So far, it has erred on the side of allowing unregistered users to edit. The debate is generally framed around a desire to halt vandalism, versus preserving the ability for pseudo-anonymous editing and lowering the barrier to edit. There is a perception of bias against unregistered users because of their association with vandalism, which also appears as algorithmic bias in tools such as ORES. Additionally, there are major communications issues when trying to talk to unregistered users, largely due to lack of notifications, and because there is no guarantee that the same person will be reading the messages sent to that IP talk page.

In terms of the potential impact of IP masking, it will significantly impact administrator workflows and may increase the burden on CheckUsers in the short term. If or when IP addresses are masked, we should expect our administrators' ability to manage vandalism to be greatly hindered. This can be mitigated by providing tools with equivalent or greater functionality, but we should expect a transitional period marked by reduced administrator efficacy. In order to provide proper tool support for our administrators’ work, we must be careful to preserve or provide alternatives to the following functions currently fulfilled by IP information:

  • Block efficacy and collateral estimation
  • Some way of surfacing similarities or patterns among unregistered users, such as geographic similarity, certain institutions (e.g. if edits are coming from a high school or university)
  • The ability to target specific groups of unregistered users, such as vandals jumping IPs within a specific range
  • Location or institution-specific actions (not necessarily blocks); for example, the ability to determine if edits are made from an open proxy, or public location like a school or public library.

Depending on how we handle temporary accounts or identifiers for unregistered users, we may be able to improve communication to unregistered users. Underlying discussions and concerns around unregistered editing, anonymous vandalism, and bias against unregistered users are unlikely to significantly change if we mask IPs, provided we maintain the ability to edit projects while logged out.

Plan de implementación

El proyecto actualmente está en fases muy tempranas de discusión y no tenemos todavía un plan concreto para el. Esperamos tener una gran implicacion por parte de la comunidad activa mientras decidimos entre distintas ideas sobre que podría funcionar mejor.

The general idea is that edits will be recorded using an automatically-generated, unique, human-readable identifier instead of the IP address when an edit is made by an unregistered user. This identifier will stay consistent over a session and possibly longer, depending on implementation details. We will keep a mapping of the identifier to the IP address in the database for a limited time period and surface it as required for our functionaries.

Preguntas frecuentes

Q: Will users with advanced permissions such as CheckUsers, Admins, Stewards still have access to IP addresses after this project is complete?

A: We don’t yet have a definitive answer to this question. Ideally, IP addresses should be exposed to as few people as possible (including WMF staff). We hope to restrict IP address exposure to only those users who need to see it.

Q: How would anti-vandalism tools work without IP addresses?

A: There are some potential ideas for achieving this goal. For one, we may be able to surface other pertinent information about the user instead of the IP to the functionaries that provide the same amount of information. In addition, it may be possible to automatically verify if two separate user accounts link to the same IP, without exposing the IP - in cases of sockpuppet investigations. It’s also possible that anti-vandalism tools will continue to use IP addresses, but will have restricted access. We will need to work closely with the community to find the optimal solutions.

Q: If we don’t see IP addresses, what would we see instead when edits are made by unregistered users?

A: Instead of IP addresses, users will be able to see a unique, automatically-generated, human-readable username. This can look something like “Anonymous 12345”, for example.

Q: Will a new username be generated for every unregistered edit?

A: No. We intend to implement some method to make the generated usernames at least partially persistent, for example, by associating them with a cookie, the user’s IP address, or both.

Q: Will you also be removing existing IP addresses from the wikis as part of this project?

A: We will not be hiding any existing IP addresses in history, logs or signatures for this project. It will only affect future edits made after this project has been launched.

Q: Is this project the result of a particular law being passed?

A: No. Data privacy standards are evolving in many countries and regions around the world, along with user expectations. We have always worked hard to protect user privacy, and we continue to learn from and apply best practices based on new standards and expectations. This project is the next step in our own evolution.

Q: What is the timeline on this project?

A: As mentioned above, we will not be making any firm decisions about this project until we have gathered input from the communities. We'd like to figure out sensible early steps that a development team could work on soon, so we can get started on what we think will be a long project, but we're not hurrying to meet a particular deadline.

Q: How do I get involved?

A: We would love to hear if you have ideas or feedback about the project! We would especially like to hear if you have any workflows or processes that might be impacted by this project. You can drop your thoughts on the talk page or fill out this form and we’ll reach out to you. Some of us will be at Wikimania and would love to meet you there as well.