Talk:IP Editing: Privacy Enhancement and Abuse Mitigation

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search

Main project page (discuss)
Ideas for privacy enhancement (discuss)  · Improving anti-vandalism tools (discuss)

IP Editing: Privacy Enhancement and Abuse Mitigation Archive index
This page is to collect feedback for the privacy enhancement for unregistered users project.
Hoping to hear from you. You can leave a comment in your language if you can't write in English.
Filing cabinet icon.svg
SpBot archives all sections tagged with {{Section resolved|1=~~~~}} after 7 days and sections whose most recent comment is older than 90 days.

Support and Oppose List[edit]

This list documents who supports and opposes it. It is useful for a numerical summary of the tangled page below, and also to be clear about who thinks what. Feel free to add your own name to it.

Editors in support of this proposal[edit]

  1. Yger
  2. Gnom
  3. Jeblad
  4. There's a lot that can be done to improve the tooling and implementation of IP editing that can improve the workflow (for registered editors) of canonizing or reverting those edits. Not showing IP addresses directly would also improve the current flaw of SPI, that favors logged-out abuse by refusing to connect IP edits to accounts. These avenues are worth exploring and deciding whether to use them when exact solutions are proposed for the issues raised. —Aron Man.🍂 hist🌾 13:01, 7 November 2019 (UTC)

Editors in opposition to this proposal[edit]

  1. Computer Fizz
  2. MER-C
  3. Incnis Mrsi
  4. LightandDark2000
  5. Winged Blades of Godric
  6. Roy17
  7. Johnbod
  8. OhKayeSierra
  9. Vituzzu
  10. Benjamin
  12. Jni
  13. 2001:999:82:9855:DC90:883A:206A:2
  14. GreenMeansGo
  15. Раммон
  16. Veracious
  17. Brandmeister
  18. Millennium bug
  19. PaleoNeonate
  20. Udo T.
  21. Someguy1221
  22. ネイ
  23. Nosebagbear - I'd only support limiting vision to autoconfirmed users.
  24. Ajraddatz
  25. Bbb23
  26. Cullen328
  27. Nick-D
  28. BrownHairedGirl
  29. Ched
  30. Kudpung
  31. Pharaoh of the Wizards
  32. AlasdairW
  33. Llywrch
  34. 2A01:E35:39AE:B540:BD22:78D9:FBE5:D3B9
  35. Camouflaged Mirage
  37. Nyttend
  38. Deepfriedokra
  39. Matthiasb
  40. Blue Rasberry (talk) 20:51, 27 August 2019 (UTC)
  41. Gryllida
  42. Berean Hunter
  43. Edoderoo
  44. Ahmad252
  45. Victar
  46. OJJ
  47. Rschen7754
  48. Smallbones
  49. FocalPoint
  50. Indy beetle
  51. आर्यावर्त (talk) 07:06, 29 August 2019 (UTC)
  52. Arthur Rubin T C (en: U, T). I thought I was clear. I'm opposed, but would be willing to reconsider if better anti-vandalism tools are provided to all (including IPs), and provide better coverage than existing IP-based tools. 05:36, 28 August 2019 (UTC)
  53. Johnuniq (talk) 07:06, 28 August 2019 (UTC) I might have been too subtle below.
  54. Vehemently. Praxidicae (talk) 19:59, 28 August 2019 (UTC)
  55. Strongly, WMF start solving real problems first - you have open bugs and feature requests from 10 years ago. --Dirk Beetstra T C (en: U, T) 07:56, 29 August 2019 (UTC)
  56. Sunny00217
  57. Double sharp (talk) 02:38, 1 September 2019 (UTC)
  58. JFG
  59. Vermont
  60. — Draceane talkcontrib. 07:29, 3 September 2019 (UTC)
  61. Celia Homeford (talk) 12:58, 3 September 2019 (UTC)
  62. Very trivial issue that seems like a pointless chore to implement, let alone put into effect. Do I even need to stress why this will cause more problems than it solves? (Especially when others put it better than I can.) ToThAc (talk) 23:35, 4 September 2019 (UTC)
  63. Vojtasafr (talk)
  64. What a terrible idea Nomad (talk) 16:59, 5 September 2019 (UTC)
  65. Strongly oppose. --Homo ergaster (talk) 17:11, 5 September 2019 (UTC)
  66. All or nothing; implement mandatory registration or leave it as it is. PCHS-NJROTC (talk) 23:46, 8 September 2019 (UTC)
  67. No. Make it possible for the patrollers to also see ip's of logged-in accounts to track puppetry. --Madglad (talk) 03:33, 9 September 2019 (UTC)
  68. * Pppery * it has begun 03:44, 9 September 2019 (UTC)
  69. MrClog (talk) 18:49, 10 September 2019 (UTC)
  70. Trialpears - IP editors are aware that their IP will be shown and if that's a major problem they can register an account without even an email.
  71. Oppose.As noted below is voluntary and it is disclosed that the IP address will be visible to anyone anon making an edit. Now as some other editors have pointed that we can make this more clear to the IP editors by having a checkbox as pointed out below and through it is already clearly mentioned Your IP address will be publicly visible if you make any edits. and Saving the change you are previewing will record your IP address in this page's public edit history. but we can have a checkbox in addition to this to be even more clearer.Pharaoh of the Wizards (talk) 20:12, 15 September 2019 (UTC)
  72. Notrium
  73. nsaa (talk). I really don't see any advantages of doing this masking. One of the cornerstones of the Wikipedia projects has been the ability to edit directly from your IP address. It's easy to handle vandalism from Schools (and help teachers). You can do range blocks, you can create 3rd party services like this Twitter account that send out all editing done from the Norwegian Parliament Stortinget at etc. 06:34, 12 October 2019 (UTC)
  74. Accountability and reputation are good for the projects. Accountability and reputation require a persistent identity, and the only way to have persistent identity is via usernames. This proposal wouldn't make identity less persistent, but it would make it more difficult to make it more so. It would do that by lending fresh legitimacy to shifting identity, as well as increasing our investment in it, whereas we are currently just tolerating what was created in the beginning and has outlived its usefulness; i.e. unregistered editing. Mandruss (talk) 00:23, 15 October 2019 (UTC)
  75. Jéské Couriano (v^_^v)
  76. Oppose. Creating an account expresses a wish to be part of the community. If an editor does not want to be part of the community, then we owe them nothing. -- Llywrch (talk) 16:56, 3 November 2019 (UTC)
  77. See EN:WP:SNOW. In other words, "given the overwhelming results here, this doesn't have a snowball's chance in hell". Alsee (talk) 23:58, 7 November 2019 (UTC)
  78. Per IP Editing: Privacy Enhancement and Abuse Mitigation#Q: Will users with advanced permissions such as CheckUsers, Admins, Stewards still have access to IP addresses after this project is complete? I am opposed to preventing trusted admins on a site from being able to see IP addresses. This is critical to preventing abuse and harrasement of participants. --mikeu talk 06:53, 27 November 2019 (UTC)
  79. This would be a mistake. It's easy enough to create an account and we shouldn't give IP editors another reason to refrain from doing so. Also, consensus is pretty clear that this is a no-go, so I suggest that the WMF move on to something else. Lepricavark (talk) 23:14, 28 December 2019 (UTC)
  80. Some vandals may think twice to vandalise if they know the fact that they can be tracked by ip.Ionutzmovie (talk) 20:20, 13 January 2020 (UTC)
  81. This is a solution to a problem that doesn't exist (as any IP editor in good standing can request an account); furthermore it could create a huge raft of problems for vandal fighters and anyone wanting accountability from IP editors. Please don't do it! Mrjulesd (talk) 15:25, 19 January 2020 (UTC)
  82. Per Mike. --Achim (talk) 23:02, 20 January 2020 (UTC)
  83. Dreamy Jazz. How would range blocks even work? How would you be even able to work out what range block is needed? Also how would you be able to connect IPs based on similar addresses? How can regular users prove socking using IPs to justify a CU check for other accounts or to connect accounts when the accounts may not have enough evidence to support a check at SPI on enwiki? How can regular users detect and find abuse by similar IPs? How can range blocks be even seen or vetted by the community (if only administrators (or other trusted roles) have access to the IP addresses affected by the range block)? How can IP addresses affected by a range block see what IP range block is affecting them and how would an administrator be able to determine if the editor is caught up in the range block is close enough to the problem IP addresses or far away enough that it is likley not the problem user(s)? How can abuse by IP editors, by just removing the cookie, stop IPs from just changing their on wiki "name" to avoid blocks or detection? How many anonymous users will be created, especially on busier IP addresses, which may be a computer with potential thousands of different users who could log in using their profile (so have their own cookie) (like a school or work computer)? How can this system prevent spamming of the creation of new "names" for IP addresses (like a person could just set up a script which makes an edit, then removes the cookie and then makes another edit)?
I have many more issues with this and so I in the strongest possible terms oppose this unless all the issues I mention above are no longer a problem. I also think that there is no way to mitigate some the problems and the current proposal is very unlikely to work as well as what is currently in place. This will only make it easier for abuse by IPs and make it harder to detect. I understand the privacy concerns, but perhaps a tick box for an IP to press to confirm that they understand their edit is associated to their IP. Perhaps a cookie could be used to store if the IP agreed to this. If this proposal is implemented without proper fixes to many, many issues, content on the wikis will get worse as IPs are harder to block and undisclosed paid activities will be so so so much easier to carry out. If this is implemented, I see my ability to prevent block evasion and ban evasion before it happens completely gone as a block of a IPs "name" would be so easy to get around. Dreamy Jazz 🎷 talk to me | my contributions 01:26, 21 January 2020 (UTC)


( incomplete list, will add more later feel free to add your own name ) Computer Fizz (talk) 19:45, 27 August 2019 (UTC)

I have moved this to the top for visibility and collection reasons. Also, to show the WMF because their pronouns and implications imply this is, in some universe, going to pass. Computer Fizz (talk) 02:17, 28 August 2019 (UTC)
Their stated goal here is to develop the anti-abuse infrastructure to the point of no longer needing to reveal IPs. Our anti-abuse infrastructure is not ideal as-is, so this is something that I (and I would hope others) would be open to. But yes, I would oppose implementing IP masking alone. – Ajraddatz (talk) 02:46, 28 August 2019 (UTC)
So are you saying i shouldn't have put your name under oppose? Computer Fizz (talk) 03:18, 28 August 2019 (UTC)
I'm saying that you seem to be reacting to the "privacy enhancement" part of this proposal, not the "abuse mitigation" part. – Ajraddatz (talk) 11:46, 28 August 2019 (UTC)

I don't feel like such lists are useful. This is not a vote and at least I don't want that someone add my name on list based on how he/she see my opinion. That's why I took off my name from there. Stryn (talk) 20:42, 28 August 2019 (UTC)

Yeah, that's not usually how RFC's work. Normally people add themselves. I think others have objected to being spoken for as well. SQLQuery me! 16:04, 29 August 2019 (UTC)
I never said this list would be the final decider in whether or not it passes. it's just a proof of concept, a visual representation of who thinks what, and to show to those who act like people enjoy this idea. And i'm sorry if you felt like i was trying to speak for you, when prepopulating the list from discussion i left out a lot of editors who i wasn't entirely sure what they thought. if you want to remove your name i won't be offended but i also don't see the harm in keeping it. Computer Fizz (talk) 23:26, 29 August 2019 (UTC)
I haven't checked every name in the list, but a quick scan of this page for the exchange between and suggests this list is going to be highly dubious. Let's put it another way Computer Fizz. Do you oppose improvements to anti-vandalism tools if it resulted in increased privacy? It's fine to suggest that you've explored all the options and have ruled out any alternatives to publicly displaying IP addresses. But I don't think that's really the case for the majority here. Not wanting change is an understandable reaction, but at this point we don't even know what the proposed change is going to be, so opposing it without fully understanding all the implications doesn't really make much sense. -- zzuuzz (talk) 23:57, 29 August 2019 (UTC)
My proposed change is to require people to create an account. The only real downside is that those ips that just make like one or two edits like fixing a typo then disappear forever probably won't wanna do that and it'll just go unfixed. That said, i still think it's miles better than the current proposal. Computer Fizz (talk) 08:02, 22 September 2019 (UTC)

Simpler solution - turn off IP editing[edit]

All of the privacy concerns identified here could be addressed by disallowing anonymous editing. In 2019, registering an account (with no requirement for email or any other kind of validation) is a ridiculously low bar. There would be substantial cost savings, since all of the design, specification, and creation of software necessitated by this "enhancement" would be eliminated. More to the point, Wikipedia volunteer administrators would not experience a substantial shift in their decades long practice. All of this seems obvious, but someone had to say it. Bitter Oil (talk) 18:34, 1 August 2019 (UTC)

As someone who has spent a lot of time blocking autoconfirmed vandalsocks, I have to also say that blocking new accounts is like playing Whac-A-Mole. There are good reasons for keeping unregistered users on IP addresses - namely being able to effectively block them. zzuuzz (talk) 18:47, 1 August 2019 (UTC)
If anyonymous editing were just turned off, or changes were sufficiently disruptive, I could forsee that on EnWiki the practice of warning vandals before blocking would be abandoned under a deluge of vandalism. Sentimentally, I would support a zero-tolerance approach to vandalism, but in reality this would breed even more trigger-happy admins, further reducing the wiki's welcomingness and diversity. BethNaught (talk) 19:14, 1 August 2019 (UTC)
I think the WMF is telling us that they are going to hide IP addresses. Leaving things as is does not seem to be an option. Turning off IP editing is much less work to accomplish the same goals. Perhaps they could use the budget for this project to work on better tools for admins instead. Bitter Oil (talk) 20:27, 1 August 2019 (UTC)
Your edit summary is unappreciated. I know very well that the WMF can play games, but I also know that the community is a match for them. Whether the WMF is being deceptive or not with this initiative, we have an opportunity to steer the direction or even stop it. As to whether they are being deceptive, I am not going to engage in any drama-mongering at this stage.
Ironically, if it hadn't been for the edit summary, I would have been sympathetic towards your comment. BethNaught (talk) 20:41, 1 August 2019 (UTC)
Community consultations don't have sections called "implementation plans" and don't say things like "We'd like to figure out sensible early steps that a development team could work on soon" and don't have the "Director of Engineering" fielding questions. It isn't drama-mongering to point out this is a done deal. Accepting that will greatly reduce the drama potential. Bitter Oil (talk) 21:21, 1 August 2019 (UTC)
I can really see where this looks like a done deal. It looks like that to me too. The phab ticket looks like a developed plan to implement it, the research paper looks like a prepared justification, it appears input is mostly being solicited on how to implement it - and not if it should be implemented, and it looks like this has been discussed privately for at least a year if not longer. Even as someone that thinks that this could be implementable with lots of hard work, a few to several years down the line - that's how this appears. SQLQuery me! 02:09, 5 August 2019 (UTC)
Of course, the drawback of "accepting something to avoid drama" is that the accepted thing may be a bad one. And turning off IP editing is likely going to be bad, since it will reduce participation, and we don't know what the impact will be. Jo-Jo Eumerus (talk, contributions) 21:34, 1 August 2019 (UTC)
  • Turning off IP editing is an awful idea that goes against Wikimedia's ethos of "anyone can contribute". We already have so many editor retention problems across the spectrum that adding another bar to initial participation would severely exacerbate our biggest problem. — Bilorv (talk) 18:44, 2 August 2019 (UTC)
  • I support this proposal. Speaking as an EnWiki admin, vandals seem much more likely to operate from unregistered accounts than registered ones. Requiring people to take the simple step of registering an account will considerably thin out the amount of vandalism volunteer admins need to respond to, for almost zero loss to content improvements. As noted above, it would also be simple and very low cost to implement. Nick-D (talk) 02:06, 3 August 2019 (UTC)
  • While the concern of barring new editors further is valid (there are people who prefer not to have an account tied to their edits), considering most people already make accounts for social media and other websites, it won't be a barrier to most. Thus, the removal of anon editing may be the right choice.
Additionally, just hiding IP addresses will hurt our current system (at least, on the English Wikipedia) - for instance, marking shared IPs or finding proxies will be exponentially more difficult as we will only be able to find them based on behavioral evidence, which is subjective and not as good as a "whois" search that can provide a definitive answer.
Both of these do provide a good reason to remove anon editing, but there is the spirit of Wikipedia at stake here as well. Ultimately it will be up to those who created said spirit to decide if it will change. Kirbanzo (talk) 14:13, 9 August 2019 (UTC)
  • As a member of the English Wikipedia, I endorse this idea for ironically the same reason User:Bilorv opposes it. In the past few years, I've been seeing some absolutely ridiculous blocks on shared IPs and even /16 ranges by ignorant administrators who are more interested in attempting to prevent school children (and immature adults for that matter) from ever being able to write silly comments on articles (which will never work on an open wiki) than promoting the fundamental Wikipedian philosophy of an open encyclopedia project where any person in the world can contribute to human knowledge. It's 2019, an increasing number of people only have internet through their cell phone, yet admins are thinking nothing of blocking /16 ranges belonging to the top four American cell companies because the likes of some punk 13 year olds circumventing their six year school block grinds their nerves so much that stopping them outweighs recruiting and retaining new users in their minds. It only takes a minute to register an account, and doing this will restrict IP blocks to CheckUsers, who should be experienced in recognizing patterns of abuse rather than blocking four year high schools for "repeat vandalism" because some girl wrote how awesome she thinks she is on an article *one time* after the expiration of a five year block. There has to be a better way to address vandalism than these massive blocks, and with privacy issues in mind, requiring registration seems to be a no-brainer at this point. PCHS-NJROTC (talk) 11:48, 8 September 2019 (UTC)
    It takes one minute to create an account and then you forget the details the next time you come back and have to sign up again, and that's too much hassle and then we lose an editor. The solution to admins making uneducated blocks is to educate those admins. Even 60 seconds to create an account is a genuinely very high barrier to the average first productive edit, which is something like "this sentence is missing a full stop" that the reader expects to take 10 seconds to fix, not a full 3 minutes (sign up, now it's redirected you to another page so find your way back, try to find the mistake again and click edit and then the code on the editing screen makes no sense to you so you either give up or have to spend another minute working out which bit the actual text is). I think it's quite rare for someone to go "I absolutely and unequivocally want to start editing Wikipedia as a hobby". More common is someone seeing things they can improve and gradually being drawn in. Forcing account creation cuts off that low entry bar. — Bilorv (talk) 15:03, 8 September 2019 (UTC)
    Finally someone gets it. I've literally made the same argument about people not waking up in the morning with a burning desire to become a Wikipedian, yet the admins on the English Wikipedia continue to say "oh, if someone wants to edit from the IP I blocked that represents 50,000 people, they can always submit a request to create an account." I particularly see this with school networks, but it is becoming an increasing problem on wireless networks and corporate networks too; admins argue that schools do nothing but vandalize, but that's simply not true. Personally, if a school gives us 15 edits in a month, 14 of which are vandalism, I think it's worth minimizing blocks on it because that one person who fixes vandalism for the first time from the school library may become a valuable administrator who fixes 100,000 articles but may never make that first edit if greeted with "to edit, please create an account at home and log in with it here" while the 14 troublemakers can always find another network to act stupid from. Not to mention, its easier from a vandal fighter's prospective when youth do their vandalism from school than at home or somewhere else because I can always watch the /24 range for Sarasota County Schools or the /16 range for the Florida Information Resource Network for silliness and get rid of it, whereas a DSL range with a couple of regular contributors who refuse to create an account is more difficult to monitor for garbage. Unfortunately, no matter how much I scream at admins for making foolish blocks, their behavior continues and I begin to look like the bad guy over there beating a dead horse. Eliminating IP editing knocks out two birds with one stone by addressing this privacy concern and discouraging administrative stupidity, and while having to create an account probably will create an inconvenience for newbies, people who are serious about wanting to participate are more likely to take a minute to create an account the usual way than to request an account be created for them. PCHS-NJROTC (talk) 18:02, 8 September 2019 (UTC)

Make registration compulsory[edit]

Feel it is better to make registration compulsory further no email or verification is required for anyone wishing to edit this project and anyone can do it within a minute rather than this. Further vandalism from an account is easy to detect and total privacy is there. Pharaoh of the Wizards (talk) 11:51, 2 August 2019 (UTC)

Never ever. Fundamentally anti-wiki. Winged Blades of Godric (talk) 12:16, 2 August 2019 (UTC)
It could be an automatic registration, with automatic username, linked to IP address, which is used every time this IP address uses WP without registration. This way, the IP is protected the same way a registered user is, and these accounts are managed with the same tools than registered users. No big changes, but the IP are protected. --Jean-Christophe BENOIST (talk) 12:35, 2 August 2019 (UTC)
How do we determine sock-hops or do range block and all that ..... Winged Blades of Godric (talk) 13:14, 2 August 2019 (UTC)
Maybe a smart algorithm can generate username from which we cannot infer IP, but that are close together when they are in the same IP range.. Feasible for IPV4 IMO but hard for IPV6.. --Jean-Christophe BENOIST (talk) 08:25, 3 August 2019 (UTC)
For example, if we use "WhoIs" on an IPV4 or V6, it gives us the CIDR/Range of the IP network. The algorithm could generate a random ID for this network. Then, the weak bits (the place in the network) can also be obfuscated in a deterministic way (hash for example). For example, WhoIs => => AEXFUU4XAB. 48 => EFFC8. Username => AEXFUU4XAB-EFFC8. MediaWiki retains of course a private table which can do the reverse. --Jean-Christophe BENOIST (talk) 08:42, 3 August 2019 (UTC)
I agree that compulsory registration goes against the wiki way, and I think that the value of allowing anonymous and easy contribution has been discussed often over Wikip/media's existence. The idea that Jean-Christophe puts forward is one possible solution, though it would still make identifying contributions from a range very difficult. A compromise might be to strongly encourage account creation, through a pop-up message when saving an edit while logged out that says "hey, this will make your IP address visible, are you sure you want that?" That combined with making the account creation process easier (for example, a check to confirm username availability before pressing the register button would be nice) might be the right balance between privacy and maintaining our anti-abuse systems. – Ajraddatz (talk) 12:55, 2 August 2019 (UTC)

Wake up folks, it's 2019. People have no problem registering for Instagram, Telegram, Facebook, etc. Registering an account is a very low bar to participation. Make up a username, solve a captcha, you're done. All the concerns expressed here about privacy and access to information are solved. This project is an unnecessary waste of resources. Bitter Oil (talk) 14:43, 2 August 2019 (UTC)

Sure but from an enwiki perspective (forgive me) it will result in a lot of backlogs, particularly at SPI. If I had to guess, a lot of IP edits are one off interested editors correcting a minor spelling error, adding a source, generally improving an article. So let's say someone finds a spelling error at Apple, they'd be forced to make an account to correct it. They come back 3 weeks later, can't remember the password, didn't register with an email, so they create another, then another, then another and it looks like sock puppetry. I don't see an issue for the most part with the current IP editing system and think that creating barriers to good faith editors (particularly those that work in anti-spam and anti-vandalism) is better for any project. The exception to this is the handful of sensitive IPs, like people editing accidentally (or intentionally) from their work address but that doesn't seem like a good reason to throw out the entire system. I would be really interested in a report on IP statistics before any serious changes are even proposed that outline the percentage of IP edits vs. account edits (if this already exists, my apologies.) Praxidicae (talk) 14:54, 2 August 2019 (UTC)
  • I think there are (at least) two objections to making registration compulsory. One is political, in that "the encyclopedia anyone can edit" is a key part of the Wikipedia proposition. OK, I know it's not literally anyone and never has been, but eliminating unregistered editing would be a big political move and I think many Wikipedia critics would see it as evidence of failure. The other objection is as Praxidicae suggests, that it prevents people who are predominantly readers from fixing typos, spelling and grammar errors casually in the course of their reading - and having to register an account to fix a typo you've just spotted would surely make it so that a lot of people wouldn't bother. Do we have any stats anywhere for the number of edits made that way? I suspect it's a lot. Instagram, Telegram, Facebook etc are all well and good, but people want the full social service from those and unregistered use of them doesn't make any real sense. Boing! said Zebedee (talk) 15:47, 2 August 2019 (UTC)
One would think that the quantity and quality of IP edits would be something well understood by the WMF, especially before proposing a project like this. But it is not. If you read the research report associated with this project, it states

A ​2007 study​, conducted by a Wikipedia user, indicated that about 80% of vandalism comes from unregistered users, but that vandalism represented only about 20% of total edits made byunregistered users.

But that 2007 study involved a total of 250 edits (of which 89 were from anonymous users). A tiny study over a decade ago is a very questionable basis for any assumptions. It seems to me that the idea of IP editing being beneficial is an ideological one, not an observed conclusion. Bitter Oil (talk) 16:05, 2 August 2019 (UTC)
The point discussed here is anonymous is not anonymous for an IP and only for a registered logged-in user.Pharaoh of the Wizards (talk) 20:12, 2 August 2019 (UTC)
I'd like to dispute People have no problem registering for Instagram, Telegram, Facebook, etc. on the grounds that a) they are social networks and not encyclopedias so not an apples to apples comparison and b) we have no evidence that Instagram, Telegram, Facebook et al would not receive more input if they allowed unregistered users. It's a quantitative judgment that is needed here. Jo-Jo Eumerus (talk, contributions) 20:20, 2 August 2019 (UTC)
I was not suggesting that the sites are the same, just pointing out registering for sites is something that people understand in 2019. This was not the case when Wikipedia began, but much has changed since then. I have no doubt that Instagram, Telegram, Facebook et al would receive more "input" if they allowed unregistered users but it would not be the kind of content that they want. Bitter Oil (talk) 21:38, 2 August 2019 (UTC)
  • You realize that compulsory registration will create exactly the same problems as masked IP editing, don't you? There's no difference in the impact of anti-vandal work, of identifying socks, of not being able to track edits by a specific IP or IP range whether the IP is masked or the potential editor has to create an account. The only difference is in the likelihood that someone will succeed in making the first edit without jumping through the "create an account" hoop. Risker (talk) 01:40, 4 August 2019 (UTC)
    I agree on that: registering an account only masks the IP (which can be done in other ways as well). This limits just the occasional vandalisms, for which CUs and other elaborate verification is pointless. That's true that there is a limit on the number of accounts that an IP can make, but I don't think that's sufficient to limit the attacks from LTAs. --Ruthven (msg) 14:03, 6 August 2019 (UTC)
  • Requiring registration would be a negation of the entire point of the project. It would be completely unacceptable. --Yair rand (talk) 02:23, 5 August 2019 (UTC)
  • Each site may separately decide whether to allow edits (or other activity) without registration. It is up to the whole Wikimedia people to decide on specifications of unregistered edits—where they are permitted—because fighting abuse requires coordination. Imagine editors’ IPs were hashed/encrypted on the site X, left open on the site Y, and hidden from the world on the site Z. Confusion and chaos among Wikimedia volunteers would arise from it. Incnis Mrsi (talk) 08:36, 5 August 2019 (UTC)
  • There seems to be at least two theories as to what would happen if we switch off IP editing and require everyone to create an account. The optimists think that none of the goodfaith edits will be lost and that many vandals will be deterred by this step. The pessimists fear that some readers will remain readers and not make those first edits as an IP that precede creating an account, and that the vandals and spammers will still be with us, but just a little harder to spot as they will now all create throwaway accounts. I'm very much with the pessimists, but willing to see a proper research project to test this out. But if it is true that IP editing is part of the "secret sauce" of this site and is one of the things that allowed us to see off rivals such as Citizendium, then it would be a mistake to lose it. WereSpielChequers (talk) 04:55, 7 August 2019 (UTC)
  • I remember a study being posted in en:WP:SIGNPOST maybe a year ago that found that a few registered editors were responsible for more than half the total edits, but that their edits were mostly WikiGnoming and the burden of content creation actually fell on IPs and accounts with a couple edits. The IPs' adding a sentence here and there well outweighed all the concerted content creation efforts such as FA/GA. DaßWölf 08:25, 10 August 2019 (UTC)
  • Re: the idea of IP editors willing to jump through more hoops to edit, the general UX wisdom in the e-commerce world is that hoops such as registration before the call to action can easily drive off the vast majority of the potential users. While WP's IP editors might be more "ideologically motivated" so to say, that sentiment can realistically take them only so far. DaßWölf 08:25, 10 August 2019 (UTC)

In my personal experience as a long-time volunteer and bureaucrat on, lots of our hard-to-detect minor typos and scanning errors are fixed by a random passer-by who came to read a text and encountered the typo in the middle of reading. This user will most definitely not bother to register (or log into their account even if the do have one already) just to fix that typo. The benefits of allowing anonymous editing far outweighs the cost of monitoring them.--Naḥum (talk) 16:31, 21 August 2019 (UTC)

To be honest, I don't like this idea, however, if it ties the hands of two specific administrators on the English Wikipedia (who I am not going to name as a courtesy to them) who think making a significant portion of the world population request an account in order to edit Wikipedia is good for our project, I'm for it. Some admins seem to see blocking as punishment rather than prevention, and they can't accept the fact that some vandalism is going to slip through the cracks and letting some things go is how the project remains open as intended; limiting IP access to CheckUsers (and keeping current CheckUser policies) will ensure that editors are judged by their contributions, not where they are editing from, and that a maximum number of the world population has the ability t contribute. PCHS-NJROTC (talk) 00:18, 9 September 2019 (UTC)

Research on the Value of IP editing[edit]

Several people asked me to respond to the sub-proposal about making account creation mandatory (#4 in NKohli (WMF)'s summary & response) in my capacity as an academic researcher who has studied non-registered contributions to wikis. I have worked with a number of collaborators to put together a response at User:Benjamin Mako Hill/Research on the value of IP Editing which I will eventually move to a page in the Research namespace. The very short version is that we think that research suggests mandatory registration will deter a large number of valuable contributions. We think it is a bad idea.

The page is not an argument against the current proposal to obscure IP address information. In fact, at least one papers we refer to would provide evidence in support of the idea that the proposed change could encourage valuable contributions from anonymity-seeking users. Our argument is focused on the value of unregistered contributors rather than the importance of identifying these editors by their IP addresses.

The page we've put together includes citations to studies that we we believe provide evidence for the claims that (1) many IP-based edits are valuable; (2) blocking IP edits may discourage newcomers from making their first edit; (3) contributing without an account opens a pathway to deeper contributions; (4) past trials of this idea have been damaging; and (5) several other considerations.

I think the strongest evidence is simply that similar experiments have resulted in substantial decreases in valuable contributions. This includes both (a) experiments were users were asked (but not forced) to register before editing Wikipedia and (b) evidence from 130+ Wikia wikis that switched to requiring accounts. Both experiments deterred vandalism and caused enormous collateral damage. Some users will create accounts in order to make valuable contributions. Many others will not.

The page we've put together was written by and has been signed by a number of academic researchers who study Wikipedia contribution dynamics. —mako 00:54, 11 September 2019 (UTC)

I haven't yet read the paper, but this paper would be an argument against IP masking, as Wikipedias would be required to revert sensible statistic edits to avoid having random statistic edits remain in the Wikipedia. There would be even less of a way to determine whether (say) a change of birth date from April 10 to April 12 is a vandal or an intelligent edit than there is now. — Arthur Rubin T C (en: U, T) 00:57, 12 September 2019 (UTC)
Possibly? It seems like it would depend quite a lot on details of how it is done that haven't figured out yet. In any case, the summary doesn't attempt to speak to the IP masking proposal in any systematic way. Just to the counter-proposal to make accounts mandatory. We think the evidence pretty compelling suggests that doing that would incur serious costs. —mako 02:55, 12 September 2019 (UTC)
I haven't had the time to look through everything on that page, but in the first section alone there is cause to wonder about the relevance of this research. Under the heading (and presumed conclusion) "IP-based edits are valuable", the first of the four points is drawn from a 2009 study. The second is drawn from a 2010 study. What was true a decade ago may no longer be true. The third point suggests that IP editors' first edits are no worse than the first edits of new accounts. That is not only a very low bar, it is not an argument that IP edits are valuable. The fourth point suggests that IP edits spur on registered users to (presumably) correct errors. To quote the abstract "Findings show that novice contributors have a direct negative effect on good quality". I question whether this is an unbiased overview of research. World's Lamest Critic (talk) 17:58, 4 October 2019 (UTC)
  • Irrelevant waste of time. The section "Make registration compulsory" was supported by about two or three people. The majority of responses in the section rejected the idea, and general community has clear and long established consensus against it. The report author clearly erred in characterizing this as a "major theme" of discussion on this page, and staff erred in thinking it would be a constructive response to the masking discussion to request this research.
    The relevant discussion on this page is an overwhelming rejection of masking, to the point of a presumptive community consensus to disallow masked editing. The relevant discussion on this page is the Foundation would be prohibiting users from contributing without registering, if they terminate IP-editing as part of a masking project. The community can and will block masked editing, and the community will not tolerate any attempt by the Foundation to place responsibility or blame on the community for prohibiting users from contributing without registering. If the Foundation attempts to deploy masked editing, with full knowledge that the community is not going to permit masked edits, then all responsibility and blame would lie with the Foundation for terminating user's existing ability to IP-edit. If the Foundation thinks it would be harmful to prevent users from contributing without registering, the Foundation cannot deploy masked editing. If the Foundation thinks it would be harmful to prevent users from contributing without registering, then the Foundation is (or should be) well aware that it would be a disruptive waste of time and money to build a masked editing system that cannot/should_not/will_not be deployed. Alsee (talk) 16:25, 17 November 2019 (UTC)

identification from external web sites[edit]

Also did you consider openID login? Or with facebook, github, twitter, mastodon, or another external site?

Best regards, --Gryllida 00:01, 6 August 2019 (UTC)

Now, this is something that may make sense. --Dirk Beetstra T C (en: U, T) 06:12, 6 August 2019 (UTC)
I think that there were concerns about this sort of thing on the following fronts:
  1. Partnership with big corporate tech giants.
  2. Privacy/doxxing concerns about linking Wikipedia identities to real life identities
  3. Privacy concerns about the data the tech giants want back in such arrangements
  4. Our commitment to open source software
WereSpielChequers (talk) 05:03, 7 August 2019 (UTC)
The WMF already has partnerships with "big corporatetech giants". Google and Facebook and Amazon are big donors as well as big consumers of Wikipedia information. OAuth and OpenID are both open standards, by the way. I would be very interested in learning more about "data the tech giants want back in such arrangements". Bitter Oil (talk) 22:24, 8 August 2019 (UTC)

I support this. Autoblocks and IP blocks would still be a thing so "whack-a-mole" is not the case, and would make it a lot easier to identify who made what edits. Or...maybe all IP edits could be pending changes? Computer Fizz (talk) 18:25, 13 August 2019 (UTC)
It could be an option, but it should not be required. Facebook, Twitter, etc are not accessible everywhere Wikipedia is. PCHS-NJROTC (talk) 18:34, 8 September 2019 (UTC)

IP editing is the opposite of anonymous[edit]

This has been well-known for a long time. When you edit under an account, you're as anonymous as you want to be, at least to the public face of Wikipedia (users with Checkuser have more visibility, but not a lot). When you edit logged out, your IP address is revealed every time you make an edit. If it's the goal of the WMF to better secure anonymous editors' IP addresses (which they should, we're years behind the times here) disabling IP editing is the simplest approach.

But we want people to be able to edit anonymously, without jumping through the hurdle of creating an account, right? It's one of our fundamental principles that anyone can edit. Well, that's easy too. The social network Whisper is designed to be fully anonymous, and they do something like this: when you install the app and make a first post, an account is automatically generated with a human-readable name (I'm pretty sure they just pick two random dictionary words and mash them together) and that account is linked to your device. No login, no choosing a name or generating a password, nothing to remember at all. Wikipedia should be easily able to do the same: when someone wants to edit but doesn't have an account, we just randomly make one up and assign it to them for that session. If they edit a bit and decide they want to keep that account (to use later, for posterity, whatever) we give them the option of actually creating a proper account under that name, or rename it to a different permanent name if they want (and the name is available). If not, when their session expires the account becomes inaccessible because there's no way to log in to it, pretty much the same as when a dynamic IP is reassigned. We of course log the IP address and make it available to checkusers for abuse management, the same way we log all account contributions now, but that log is effectively hidden to the vast majority of users and access is pretty tightly controlled.

Yes, it makes some forms of abuse detection marginally more difficult, but that is going to be a thing with IP addresses hidden no matter what way we do it. The "temporary" account's IP is still available to the software so we can still do things like autoblocking an account's underlying IP (so new "temporary" accounts can't be created for the duration of the block) and checkusers could still disable account creation on problematic IPs and ranges. Yeah it's some technical work but that seems to be why we're here. Ivanvector (talk) 16:13, 22 August 2019 (UTC)

This doesn't solve the problem that of 934 projects, only 36 have checkusers. GMGtalk 17:31, 22 August 2019 (UTC)
And that even on en-wiki, only a couple of dozen are Checkusers, and half are Arbs who rarely exercise it day to day. And they're busy with just the current style of sock investigations atm. Nosebagbear (talk) 18:09, 22 August 2019 (UTC)
Yes, it makes some forms of abuse detection marginally more difficult, but that is going to be a thing with IP addresses hidden no matter what way we do it. Or, speaking as a former enwiki checkuser, you're making that out to be a much bigger problem than it actually is. Ivanvector (talk) 13:39, 23 August 2019 (UTC)
Removing wholesale the ability for 96% of our projects to issue range blocks is hardly a trivial matter. GMGtalk 13:53, 23 August 2019 (UTC)

Very Good potential[edit]

If the alternatives are implemented I think the system will work much more efficiently. I hope things as I understand them have the following potential functionality

  1. CU's could be made publicly between registered and unregistered users, since no personal information will be revealed. A lot of disruption can be handled better this way IMO.
  2. If the generated usernames are more persistent than dynamic IPs, a lot of silly & "unprofessional" vandalism won't happen. "Professionals" will always find the way around.
  3. If a computer based username is generated, school or institutional vandalism won't prevent constructive edits from the same IP. It would be nice for this usernames to have a pattern e.g. XXXXXXX PC-YYYY
  4. Bias against IP edits will decline
  5. IPv6 is more confusing to the human eye than a readable autocreated username, and much harder to unassisted patern recognition, provided that the autocreating username system will assing some kind of ISP patterns.
  6. A faster global contributions tool (as fast as CentralAuth)

I think it's worth a try. —Ah3kal (talk) 02:30, 26 September 2019 (UTC)

@Ah3kal: Your comment makes sense, however, I fail to see how the masked IP info will help us in finding socks, if sock_1 is editing from masked_IP_1 and sock_2 is editing from masked_IP_2 then only the real underlying IPs will show that they are in close IP proximity (say within a /24), which is still invisible. The only positive match may be if sock_2 happens to use masked_IP_1 which we then recognize as maybe being the same editor (just purely based on that info).
But spam coming from masked_IP_1, masked_IP_2, and masked_IP_3 now would make me block the three masks, whereas if I now that the three underlying IPs would be totally unrelated (as now would be possible) I would just plainly blacklist the spam (no need to block 3 complete ranges to stop the spammer). However, if I know that it is just IPs in a /24 spamming, I might consider to just block the range. --Dirk Beetstra T C (en: U, T) 11:52, 26 September 2019 (UTC)
Beetstra It is very much possible to build a tool that tells you if the accounts are editing from a close-range. In fact we could even make it easy to find accounts that are editing from close proximity (IP wise) to a given account. These are things that could be handled by the computer without users having to worry about the IPs and knowing what IPs mean and how they work to understand which ranges to block. -- NKohli (WMF) (talk) 22:25, 4 October 2019 (UTC)
@NKohli (WMF): such tools should have been available for years already. I would even go as far as saying that if WMF would have taken up those problems and have properly connected with what the editing community actually needs we would not have ended up with this totally absurd proposal. WMF is approaching things from the wrong side. (I thought I was commenting on Talk:Office actions/Community consultation on partial and temporary office actions/09 2019‎). You would have gathered much, much more support for this idea if that type of problems were finally solved before suggesting this. —Dirk Beetstra T C (en: U, T) 06:12, 5 October 2019 (UTC)
There are several quite promising ways to identify socks, but it is pretty hard to get anything done because it is an uphill battle against users that fear any form of changes. We can do network timing analysis, we can do route analysis, we can fingerprint the source, we can fingerprint the targets, we can do timing analysis on the edits, and probably a whole bunch of methods I don't know about. And not to forget, the most obvious one, starting to use verified accounts. — Jeblad 11:30, 9 October 2019 (UTC)
To me, something as simple as a AbuseFilter from which only the CheckUsers can see the results that besides the on-wiki fingerprint filters also has capability to check IP ranges that the user is using, and similar data that CheckUSers can see would be great. I even don't know if the CheckUser extension has received a major upgrade over the last 10 years, or that it has been neglected like some other extensions. --Dirk Beetstra T C (en: U, T) 11:58, 9 October 2019 (UTC)
It hasn't seen a lot of development (but we're working on that right now). /Johan (WMF) (talk) 12:00, 9 October 2019 (UTC)
@Johan (WMF): mw:Anti-Harassment Tools?? What about the 10 year old bugs? --Dirk Beetstra T C (en: U, T) 12:42, 9 October 2019 (UTC)
We're looking at generally working on these tools, not just some CU improvements. But as mentioned above, we don't have a plan for exactly what yet, so we've just picked one place to start in order to not let development lie untouched while we figure out the needs and workflows across various wikis. This is not a short project that'll be done by the end of the year. /Johan (WMF) (talk) 13:22, 9 October 2019 (UTC)
Also, we don't want to be secretly working towards a goal without telling people what we're aiming at. /Johan (WMF) (talk) 10:47, 10 October 2019 (UTC)

Basically we want to have a persistent ID associated with a single individual / entity. IP addresses do this poorly as they change / are so easy to change. If this proposal results in a more persistent link between IDs and individuals than we may be better off than we are currently from a vandalism point of view. Doc James (talk · contribs · email) 04:24, 22 October 2019 (UTC)

User:Doc James raises an excellent point in that IP addresses and IP ranges do jack to identify an individual in 2019. I am a CheckUser on another wiki, and it is impossible to stop someone editing from AT&T Mobility, T-Mobile USA, Cellco Partnership DBA Verizon Wireless, and Sprint (insert city name here) POP without causing serious collateral damage, and abuse reports to at least the former two do screw-all due to carrier-grade NATing (T-Mobile actually sent me a personal reply stating that they could not identify a very persistent and nasty troll I complained about due to "network infrastructure"). CheckUser provides the OS, browser, and sometimes device model used by editors, which can be handy for connecting sneaky sockpuppets created by someone with an uncommon phone or OS (that's come in handy twice for me), but this information is useless when an abuser is using Safari on an iPhone 7 or Mozilla Firefox on a Windows 10 PC, for example. Seeing first hand how easy it is to evade blocks and bans with so many networks at the average internet users' disposal, long-term blocks that cause collateral damage cause me to shake my head. Sysops on the English Wikipedia will softblock ranges representing hundreds of thousands of people only for the person they are trying to stop to go to Starbucks, Dunkin Donuts, or even a hospital to continue the carnage. There has to be a better way. PCHS-NJROTC (talk) 02:53, 19 December 2019 (UTC)

Update: October 4, 2019[edit]

Hello! Thank you everyone for your continued engagement and feedback on this page. I’m here to present an update on this project.

CheckUser improvements[edit]

As mentioned previously, our foremost goal is to improve our existing anti-vandalism tools and to that effect, the Anti-Harassment Tools team will be kicking off work on making (long-overdue) improvements to CheckUser extension. We have been conducting a series of user interviews with Checkusers and stewards to understand their workflows with the tool at present. Based on that research, we have come up with an initial list of proposed improvements we can make to remove some of the biggest pain points. I welcome you to visit the project page and provide your feedback on the talk page.

Research about usefulness of IP edits[edit]

As promised in my last update, we have gathered some data about how many IP edits our projects received over the last year and how many of those were reverted, revdeleted or the IP address was subsequently blocked. The compiled data can be found on the Research page.

We have not seen any major trends in the data except for the fact that majority of IP edits are kept on the wikis and are not reverted or revdeleted. That does not, however, tell us anything about the quality of the content contributed by IP editors. Qualitatively measuring the content contribution is a much bigger task and we are not sure if there is a good way to do it, besides manually looking at incoming IP edits.

Since we don’t yet have an accurate picture of what will happen if IP edits are disabled on a wiki, we are willing to run an experiment to see what the effects of doing a small, targeted intervention to could be. This doesn’t necessarily have to exclude all IP edits. We could selectively prohibit IP edits to certain namespace(s) and see what the effects are. We would like to hear your thoughts about this and if you are interested, we are looking for a small wiki to collaborate with for this experiment.

I will also take this opportunity to thank Benjamin Mako Hill and his team of researchers for putting together a page to showcase the prior research done on this topic. It has been very informative.

Lastly, I’m sorry if we have missed responding to a question raised on this talk page - there is a lot of discussion and sometimes things slip through the cracks. Thank you. -- NKohli (WMF) (talk) 22:36, 4 October 2019 (UTC)

Experimenting around what sort of effect limiting IP editing would have would be useful. With browsers like Chrome remembering all your passwords, registration is less of a barrier than it used to be.
Having a pop up appear after one hits "publish", when they are not logged in to inform them about this would be a good initial measure. This will likely decrease editing by IPs aswell... Doc James (talk · contribs · email) 06:21, 18 October 2019 (UTC)
@Doc James: - I get distinctly concerned at making life awkward for a large subset of our editors in order to encourage them to sign up. It would however cover aspect 1 of your comment well. Perhaps have it once per session, with a session ID to remember it until they closed the tab? Nosebagbear (talk) 18:14, 22 October 2019 (UTC)
Yes could be decreased to once per session... Doc James (talk · contribs · email) 09:06, 25 October 2019 (UTC)

I am always wondering whether it really would be so different. Yes, an editor under IP is now a very good editor, they would also be a very good editor if they were editing logged in. Would really all of those long-term IP editors walk away if they have to make an account? I doubt it, but yes, a few would. But that is also true for editors who already take the situation serious and make an account. Many IPs make a throwaway account and make good edits and are never seen again. You will only lose the few editors who REALLY insist that they do not want to make an account and want to edit as an IP. I really wonder if Facebook would ever worry about the fact that there are editors who do not want to make an account but want to post as an IP. I don't buy the 'but we have also IPs who do not vandalise' argument .. --Dirk Beetstra T C (en: U, T) 10:01, 25 October 2019 (UTC)

This is completely anecdotal, of course, but to give an example of what one could be afraid of: as my normal, volunteer self, I edited almost exclusively as an IP user for four years before I started logging in. The reason I became a Wikimedian is that the barrier to entry was so low that I could help out without any investment – until I became invested, and started using the account I had registered a few years earlier. I would not have become invested if IP editing had not been an option, because I wouldn't have bothered. It wasn't important for me to fix the things I fixed, it was easy. If we look at the long-term IP editors, we might be focusing too late in the chain of events, because the harm we could cause is to the people who aren't yet invested but could become because editing is easy. /Johan (WMF) (talk) 02:57, 1 November 2019 (UTC)
yes, as we know one reason wikipedia prevailed over other online encyclopedia projects was that it had the lowest barriers to entry. Almost Wikipedia: What Eight Collaborative Encyclopedia Projects Reveal About Mechanisms of Collective Action to the extent you continue to raise barriers to entry, you will contribute to editor plateau, and impact the growth of quality content. "would those admins really leave if we banned one, or took away ip surveillance? i doubt it, but a few would." Slowking4 (talk) 15:34, 4 November 2019 (UTC)
@Johan (WMF): If this is really such an issue, why hasn't the foundation or someone done something about these administrators on the English Wikipedia who keep blocking hundreds of thousands of people to stop middle school students from writing "poop" on articles. I'm talking about blocks like this, this], this, etc. The low barriers to entry is also how I became a Wikimedian. It started when I was a 15-year-old high school student (hence the username) editing from my home IP, and I can assure you I wouldn't have went to the effort of requesting an account, as many of the proponents of these asinine blocks on schools (and other institutions) propose good-faith editors from these ranges do. Ironically, I frequently see vandalism reverted by people editing from school IPs, something that cannot happen if the editor in question is greeted with "log in to edit." Administrators claim that these ranges "persistently vandalize" but I'm pretty sure most of the vandalism is just kids being kids rather than one or two people hopping all over these ranges to terrorize Wikipedia, and the administrators doing these blocks are just taking the easy way out at the expense of the more mature student or staff member who could eventually become a Foundation employee like you as a result of that first edit from the school/company computer. If nothing else comes of all of this, perhaps the Foundation should consider software changes to limit the length of rangeblocks to one month intervals and limit the length of IP blocks to three month intervals. PCHS-NJROTC (talk) 03:25, 19 December 2019 (UTC)
Or become the best thing one can become – a Wikimedian, generally. I consider myself useful to the projects mainly in my volunteer role. (:
I understand your concerns and frustrations, and one of the main uses of better blocking tools is to block exactly as much as is needed, but not more – Community health initiative/Partial blocks has a lot of potential there, I think – but we need to acknowledge that the vandal-fighting expertise lies within the communities. This lies outside the remit of this project, and whereas it's not for me to decide, I can't see the Foundation technically limiting this against the wishes of the community.
My home community has decided never to block know school IPs beyond the extent of the school year, which is working well for us and making sure we don't indefinitely block schools, but any changes around this on English Wikipedia would have to be an English Wikipedia decision. /Johan (WMF) (talk) 10:51, 19 December 2019 (UTC)

Research on the value of IP Editing currently says "A major theme of community responses to that proposal are suggestions to disallow contributions from users without accounts". That is either a serious misunderstanding or mispresentation of the community response here. There is a longstanding community consensus supporting editing by users without accounts. While there is of course some dissent from that consensus, it is (or it was) an effectively dead issue.

The theme of community responses is opposed to masked editing, and that the community can and almost certainly will block masked editing. NKohli (WMF), or anyone else on this project, do you disagree with my assessment of the community response? Can I get a more meaningful update? Does the Foundation still a plan to build a system to mask IPs, given that masked-edits will almost certainly not be allowed? Does the Foundation still intend to work towards terminating IP-editing (converting it into masked-edits), given that Foundation would be terminating the existing ability of those users to edit without making an account? Alsee (talk) 18:23, 8 November 2019 (UTC)

@Alsee: Regarding the issue of disallowing edits from unregistered users - that is something that has come up on this talk page quite a few times and the purpose of that research page was to gather some data to get everyone on the same page about how unregistered users contribute to the projects. We have no intention of terminating the ability of our users to edit without an account if the community does not want that.
As for this project, we are grateful for all replies we are receiving on this and related project pages. We are not making any assessments or decisions yet. We have barely had time to gather ideas since Wikimania. Our team plans to work on improving anti-vandalism tooling over the next few months and we are kicking off this work by making improvements to Checkuser and meanwhile plan our next projects. There are lots of things we don't know yet and hence I can't comment on those. Thanks for your understanding. -- NKohli (WMF) (talk) 05:15, 12 November 2019 (UTC)
@Alsee: I read the entire discussion and do not feel that the sentence was a misrepresentation. Blocking IP editing is a description of one theme that was raised. The section "Simpler solution - turn off IP editing" is one example but the idea is discussed positively in many other sections as well. It's not the only response, and probably not even the most important one, but it is one major theme of community responses to the proposal. More importantly, NKohli (WMF) is considering this option very seriously. I agree with you completely that this suggestion goes against a long-standing community consensus and the outcomes of many discussions over many years. I also think a large body of evidence suggests that consensus is empirically justified. —mako 20:37, 14 November 2019 (UTC)
Benjamin Mako Hill I stand by my comment, you misunderstood the community response. For example in the section you cited, Simpler solution - turn off IP editing, the author of the section says in their second comment that they believe the Foundation will not permit retaining-IP-editing as an option. The author opened that section explicitly to present an argument between two options (1) building masking vs (2) not building masking. More specifically, they argue that not-building-masking would be would be simpler and cheaper and less disruptive than building masking.
The discussion on this page is in response to the masking proposal. To the extent this page contains any debate of pros and cons of contributions-without-an-account independent of masking, it's an irrelevant distraction. That topic is old and thoroughly resolved. That topic has a tombstone is English Wikipedia's Perennial proposals graveyard for zombie topics. The Perennial proposal page exists specifically for topics that we consider a waste of time to discuss anymore. Community consensus is approximately 2-to-1 in favor of contributions-without-an-account. That consensus has been clear and stable for years. That consensus is expected to remain clear and stable... unless the Foundation does something like trying to push masked editing. The Perennial proposal page well summarizes the result of (excessive) past discussion of the topic:
A large portion of our good edits come from IP addresses;[1][2] positive experiences with initial IP edits lead users to create accounts who otherwise would not do so; software features disabling IPs from creating new articles or editing semiprotected ones are sufficient. According to Jimbo Wales, "what is commonly called 'anonymous' editing is not particularly anonymous ... and there are good reasons to want vandals on IP numbers instead of accounts". While about 97% of vandalism comes from anonymous users, about 76% or 82% of anonymous edits are intended to improve the encyclopedia. (Prohibiting IP edits would not eliminate 97% of all vandalism, because those inclined to vandalize could easily take the 10 seconds to register.) The ability of anyone to edit articles without registering is a Foundation issue.
Alsee (talk) 22:22, 15 November 2019 (UTC)
Benjamin Mako Hill to clarify, I'm saying it is not a major theme. I am saying it's not even a significant theme. I'm saying it's a tangential and irrelevant topic. NKohli (WMF), I am saying that you are making a mistake taking this topic seriously. I'm saying that producing Research on the value of IP Editing was not relevant or helpful to the discussion on this page. The fact that the report was produced and presented here is a warning sign that the team is misunderstanding/mishandling community engagement on this project.
There have been very good improvement in communication and engagement between the Foundation and the community recently. However that improvement is absent from this page. The team here has been either been non-responsive or evasive to too many community questions. There are too many warning signs that this project is repeating the mistakes of past failed projects. Alsee (talk) 00:10, 16 November 2019 (UTC)

December 6, 2019[edit]

Hey everyone – this is mainly to tell you we're not ignoring things here. Thanks a lot for all the feedback. While we're working on the checkuser tools, we're also considering all the discussions we've had here (and elsewhere). In a couple of weeks we're moving into the holiday season for most people at the Foundation; we'll be back properly in January with more thoughts. /Johan (WMF) (talk) 07:06, 6 December 2019 (UTC)

More thoughts? Why are there more thoughts to the near-unanimous consensus to not implement this? This should be archived by now. Computer Fizz (talk) 17:23, 25 December 2019 (UTC)
(Anyone interested in the reply to this, see Talk:IP Editing: Privacy Enhancement and Abuse Mitigation/Improving tools#Take no for an answer, where this discussion is currently taking place. /Johan (WMF) (talk) 18:36, 23 January 2020 (UTC))

Clean start?[edit]

There needs to be some way to implement a clean start. A logged-in user has the ability to abandon an account and create a new one (with the constraints of policies about socking, etc). Likewise, an anonymous user should have the same ability. I don't know how you differentiate between a legitimate clean start and just plain evasion. RoySmith (talk) 00:03, 18 December 2019 (UTC)

Beyond switching to a new IP, you mean? /Johan (WMF) (talk) 10:55, 19 December 2019 (UTC)

Tools for improving current workflows[edit]

Hi all! Over the past few months we’ve been collecting existing use cases for IP addresses and brainstorming ideas for tools that can improve upon our existing workflows that involve IP addresses. A lot of work is involved a number of the current processes. Hence we came up with several ideas for tools that can automate some of necessary work and empower users to focus on the things that computers cannot take care of. This includes things like automatically fetching information about an IP address without needing a search engine and also automating some of the steps to find IP editors editing in proximity to a given IP editor or exhibiting similar behaviors. Our goal is to help save time for the communities, rather than add more work. We have put out these ideas on the Improving tools page. We would love to hear your thoughts about these on the talk page. Thanks in advance. -- NKohli (WMF) (talk) 05:13, 14 January 2020 (UTC)

@NickK, MER-C, Someguy1221, SQL, Ruthven, Doc James, ChristianKl, Arthur Rubin, Ah3kal, Pelagic, and Nick-D: - Pinging some folks who have chimed in about tools earlier on this page. Your thoughts on the ideas put forth on improving tools would be very valuable. Thanks for your time. -- NKohli (WMF) (talk) 22:31, 17 January 2020 (UTC)
@NKohli (WMF): Thanks for the ping. There is one argument in your statement that does not get any answer: It takes significant time and effort for new users to get accustomed to using IP addresses for blocking and filtering purposes.. None of these tools really improves it. Replacing a set of digits with a set of digits 12345 simplifies nothing, it is still a set of numbers that don’t make sense (just not seemingly random but really random). However, for those who know how to use IPs it is more complex — NickK (talk) 13:46, 18 January 2020 (UTC)
@NKohli (WMF): Off the cuff? Being able to search UA's in the checkuser tool. It's already something we use (a common first step is to control-f part of the UA). Being baked in would be a huge help. Access to more browser headers. Being able to search those browser headers. SQLQuery me! 08:40, 21 January 2020 (UTC)
"Our goal is to help save time for the communities, rather than add more work" I would be more confident into that being your goals if it would be listed as in the goals of the project. Currently, those goals don't list anything about making it easier for admins to do their job then it's at the status quo. ChristianKl❫ 16:58, 20 January 2020 (UTC)
The main goal for this project is to get better at protecting unregistered user privacy, obviously. Because important workflows depend on that information, we need to do further development, at least going for status quo in how much time they consume, but definitely aiming to make it easier than it is today as opposed to harder. Does that make sense? I mean, "hide IPs" is not going to have "make it easier to fight vandalism, harassment and spam" as the main goal, but "better tools to fight vandalism, harassment and spam" is a necessary part of it and this would describe our goal for that. /Johan (WMF) (talk) 18:15, 20 January 2020 (UTC)
I don't speak for anyone but myself, but, unless the tools, without access to the IP addresses, make vandal-fighting easier than no tools, but with access to the IP addresses, IP masking should not be implemented. That seems a minimal metric to determining whether the tools goal has been met. — Arthur Rubin T C (en: U, T) 22:10, 21 January 2020 (UTC)