Talk:IP Editing: Privacy Enhancement and Abuse Mitigation/Persistence

From Meta, a Wikimedia project coordination wiki

Example[edit]

Let me start by giving just one example: in my volunteer capacity, I’m a recent changes patroller and admin. On my home wiki, we have a big problem with middle schools being a major source of vandalism but not seeing a lot of useful editing. Instead of having to deal with this year-round, we have identified the IPs behind many schools. When we see recurrent vandalism, we block them until the end of the school year, which is one of the pre-specified amounts of time when blocking someone on Swedish Wikipedia. That way, we don’t waste time fighting vandalism again and again until we do a longer block. This builds on the individual schools having fairly long-term IPs that we can connect to previous years, so we need this connection to somehow remain. /Johan (WMF) (talk) 13:24, 15 October 2020 (UTC)[reply]

Research[edit]

Also, I'll copy a few research notes from User:CLo (WMF) here.

Persistent identity

Important for flagging static public IPs, e.g. public libraries; lets patrollers, admins, other editors know to expect certain kinds of behaviour and a very specific communication challenge For long-term editors who don’t want to register (for whatever reason), the IP address becomes their identifier - this will go away with masking, unless they somehow tie their masked IP to the address, thus negating the entire point of masking Recognizing IPs with a mixture of good/problematic editing behaviours: in this case the IP address is really functioning the same way a persistent username would, only in this case it’s an IP address.

Anti-vandalism

  • Identification of sleeper alt accounts
  • Inactive IPs suddenly being used again after a significant period of dormancy is suspicious in its own right: can be evidence of compromised device, botnet etc.
  • Establishing patterns of behaviour for LTAs: IP range is one of the identifying characteristics of an LTA

In all of these instances the assumption is that a single device (which may or may not have multiple users) is using the same IP indefinitely. This assumption is severely complicated when it comes to dynamic or shared IPs, especially for mobile devices where a single IP address can easily be used and reused by multiple otherwise unconnected devices. /Johan (WMF) (talk) 13:24, 15 October 2020 (UTC)[reply]

Range issues[edit]

Some users change their Ipv6 address while editing, making it possible to only persistently track them using higher ranges, and to only be able to effectively block them using range blocks. For example [[1]] Is a Seoul IP address range, while some of the editing made on the range is constructive, the majority of edits are made by a single anonymous user who makes unconstructive unexplained edits to Dinosaur related articles. While their IP address is consistent within a session, the IP address would be a different address within the same range when they would return to make the same edits a few days later, meaning that simply blocking the exact IP address (and therefore the anonymous identity after masking is implemented) is ineffective in dealing with them. Would there be some way of preserving range functionality when dealing with persistant vandals who have dynamic IP addresses on the same range? Hemiauchenia (talk) 23:11, 17 October 2020 (UTC)[reply]

Apparently using Crypto-PAn would anonymise the IP addresses while preserving range structure. Hemiauchenia (talk) 23:43, 17 October 2020 (UTC)[reply]