Feature requests/Cookies, logins, and privacy

From Wikipedia

< Feature requests

HomePage | Recent changes | View source | Discuss this page | Page history | Log in |

Printable version | Disclaimers | Privacy policy

/Cookies, logins, and privacy

  • In addition, given that the certain cookies have stopped working, can't I have a "log in" to confirm my id? Everytime I hit "preferences" otherwise, I get a new user ID.
  • I noticed last weekend that I can set my ID in Preferences to anybody else's, certainly, if they are not using it. I would not care if people had mutlyiple IDs. But, I do see a problem in my setting my ID to, say Larry Sanger and entering content all over which will wrongly be identified as his in recent changes. And possibly elsewhere. RoseParks
    • There is a secure user-ID already--it is the "User ID number" shown on the Preferences page. If you are using recent versions of MSIE or Netscape you can see the ID number and the IP address by moving the mouse over the user name. (A popup saying something like "ID 1622 from 165.79.13.xxx" should appear.) It should be non-trivial for anyone else to use that ID number, since it protected by a random number in the user's cookie (which is compared with a copy on the server). Eventually a more conventional username/password combination may become an option, but this is unlikely to happen soon. --CliffordAdams (or somebody with ID 1675 :-)
    • I second the request for a more conventional username/password combination. This is one thing necessary to make the website fully scaleable. --LMS
  • The ".xxx" bit in dynamic IP addresses is commendable, but is there a way to do something similar for people logging in from institutions with static IP addresses ending in letters? The last one I saw listed the entire address. Certainly anyone with a static IP should have a firewall, but I think we've seen enough mischievous people wander through that the precaution of masking the IP still has merit. And no that's not a rhetorical question, as I'll be logging on from a static IP starting in early June 2002. --KQ

I'm not sure "privacy" is a good thing here. The price one pays for freedom is accountability: anyone should be able to edit anything, but I don't think they should be able to do so without being identified (at least with their chosen pseudonym--they can still hide behind whatever anonymity their Internet connection gives them). When I find some vandalism, for example, I look back in the Recent Changes list for that same IP and check those pages--I usually find more. Likewise, when I get to know certain posters, I get to know what might be interesting or important to read. If someone is concerned about privacy, that's his problem, and he should take the burden of using software to anonymize himself (and there's plenty of software available to do that). --LDC


  • I, for one, do not care about anonymity here, but pseudonymity would be fine. We almost have the latter with userids, were it not for the "from IP-Address" misfeature. LDC, if you know that userid 715 broke a page, is it really harder to find all other pages touched by them without knowing three octets of their IP? The main use I see for that is correlating pseudonyms to realnames, which is mainly useful for prosecution (I don't assume that we want to criminalize WikiVandals, though), or ... direct marketing. --Robbe

I think you've misunderstood. What I'm talking about specifically is not having the entire static IP address shown of someone logging in from an address ending in letters. All it would take is to .xxx a portion of it so that the firewall is not constantly fending off requests. This is the same courtesy already extended to people logging in from any IP address ending in numerals. My concern for it stems from the fact that it identifies where the person works or attends school, which if you'll pardon my saying so, is not necessarily anyone's business. If it's not workable then you can expect to have me not continue contributing. --KQ

I usually use a static IP, but Recent Changes (hover over my name) only shows a masked IP, not my domain. Did you see this on the main Wikipedia, or one of the internationals? UseModWiki can turn off name lookup, and I'd assumed from the RC display that it was turned off.

You're asking that mybox.frobnuts.com be masked as mybox.xxx.xxx, (which is a domain name rather than an ip address, to be unnecessarily picky) so that FrobNuts's network (thus their firewall) won't be identifiable?

Even the current method really doesn't provide that level of protection, or much privacy of any kind beyond a casual glance. For example, 111.222.333.444 would display as "111.222.333.xxx", and thus "hide" a specific host, but the network can likely still be identified via a simple whois lookup on "111.222.333". With my usual IP address, the two leading numbers are sufficient to tell you where I'm logged in from; you don't even need the third one. In general, only a residential poster would have some anonymity, simply because the ip address (whether static or dynamic) usually maps back to the ISP, not a specific business or school.

To achieve the equivalent level of privacy you're asking for, even the ip addresses should be masked as xxx.xxx.xxx.444 rather than as they are now. --loh

I second the reverse masking of the IP addresses--it still allows identification, but not by geography, etc. Though you'd probably need more than just the last three to make people in dynamic IP networks id'able. eh. no perfect answer. -- TheCunctator

Interesting. I don't remember if it was on the English wikipedia or the Spanish one; it's been some months past. I had two concerns; one was indeed not giving the entire IP address (or domain name); the other was not revealing immediately where contributors post from, leaving it instead to their own discretion. I haven't seen it again; but if it was originally from the Spanish wikipedia that would be because I've contributed nearly all I can in Spanish. :-) I expect that I'll try it from another computer to see how it displays and will be using anonymizer or somesuch if it's not to my satisfaction. Thanks..