Some argue that this wiki should allow for editing without the creation of an account — also known as anonymous editing. Others argue for something even stronger: a public accounts that don't have an IP addresses publicly visible, as all wiki user's IP Addresses are publicly viewable.
Empirical Studies done on the quality of anonymous wikipedia editing:
- Dartmouth: "We find that quality is associated with contributor motivations, but in a surprisingly inconsistent way. Registered users' quality increases with more contributions, consistent with the idea of participants motivated by reputation and commitment to the Wikipedia community. Surprisingly, however, we find the highest quality from the vast numbers of anonymous "Good Samaritans" who contribute only once. Our findings that Good Samaritans as well as committed "zealots" contribute high quality content to Wikipedia suggest that it is the quantity as well as the quality of contributors that positively affects the quality of open source production."
Keep in mind that Wikipedia and the Daviswiki have different goals, abuse policies, point of view policies, and possibilities of daily real world confrontations. Plus, Wikipedia users do not typically give out their real names. Also, there's a difference in maintaining anonymity intentionally and simply taking advantage of the ease of editing without logging in. The report in question discusses the latter. As a result this study does not directly apply to DavisWiki, as there are no anonymous editors that aren't accountable... i.e., the study assumes a registered user with no personal information is a non-anonymous user. By that definition, no DavisWiki editors have ever been anonymous. Anonymity and accountability are two very different things.
- So if this study isn't comparable to us, and doesn't apply directly, why keep it on the page? All these points above are about the differences between situations and how it isn't the same, though it may or may not be true due to those differences. Since this page is specifically about DavisWiki/Wikispot anonymity, I don't think this section adds anything to the page, especially with what it's followed with. I vote delete. It is poor quality/poor worth empirical data (for this page). -ES
The argument in favor for anonymous (no-login required) editing is that it lowers the barrier to entry, and has the potential to widen the base of editors and edits in general. The idea behind wiki is that quality is proportional to the number of people using it and the easier it is to quickly edit the better. Even the few moments required to create an account (or to log in from another machine) could be spent to correct a spelling issue or formatting problem. Dedicated editors will always clean up messy crud, which can be contributed by someone even if they create an account to log in with.
Historically wikis operate in this no-login required fashion. We have seen the creation of many one-time spam accounts, joke accounts, and accounts such as DavisWikiGnome that are used just to avoid identity. If someone is dedicated to being anonymous, they will find a way to be such regardless of whether an account is required or not. If someone wants to spam or be messy they can do that with an account as well. Making logins not required for editing just makes this process easier for everyone. Good-willed editors who wish to simply correct something without creating an account or logging in will do so quicker, mean people will make mean comments quicker, nice people will delete said mean comments faster — it's all one big circle.
The argument against anonymous (no-login required) editing is that it decreases accountability and encourages individuals to avoid creating an identity — even if that identity is a pseudonym. By creating identities we increase our accountability and recognizability on the wiki. There is also a likelihood that more wiki spam will come about if editing is easier. With anonymity comes a lack of accountability.
Creating an account here is also particularly easy. The lack of anonymous edits contributes to a slightly higher quality. What we've been doing has been working rather well for us for so long, so why change? It would be really easy for a conniving restaurant owner to tell fibs such as, "I found a band-aid in my food at <competitor x>." That possibility really lowers the integrity of the information on the wiki.
In a talk recently psychologist Larry Jacoby gave an analogy thats fitting here. A factory can put out a good products by (1) having the production machinery work near perfectly so it doesn't produce defective products or (2) having lots of quality control specialists throwing out defective products before they hit the market. What hits the stores is the same, but the burden of efficiency is displaced differently. Wiki people tend to be busy people, and I'd prefer a lack of anonymity to having to clean up other people's messes.
Anonymous editing on the wiki
2005-05-02 14:52:39 Every website logs your IP. The Wiki is open enough to level the playing field so everybody has access to that information. Open is better. There is no validation of user information when you signup, and the only consequence of false information is a bit less respect if you don't use your common name. (And dammit, now my SO is calling me JabberWiki). —JabberWokky
Yeah, every website logs your IP, but not every website displays it publicly. —ArlenAbraham
2005-05-02 15:13:03 I see no problem with the way things are now and if you think the wiki is violating your privacy rights then you are unfamiliar with how much every website knows about you. The wiki works off of communal trust. There is the practical reason to allow anonymous editing: It's quicker than logging in. But, interestingly, it also opens up to a lot of automated spam-bot attacks. For the reason that editing a page is just that much faster I would perhaps support no-account usage. But having 'anonymous' accounts where the IP is not logged seems misguided. Wikipedia and every other wiki on the planet logs anonymous IPs and displays them prominently instead of usernames. From a practical point of view, we are all basically using a couple of IP subnets here in Davis, and if you wanted to you could easily obtain privacy by posting something from one of the many public places. Hiding the IPs is just an illusion of privacy. Imagine the situation in which someone posts something terribly libelous or some jerk decides to automatically delete every page in the wiki. Then many would want me to try and cross-reference that IP with some others in my logs and figure out who it is. Logging everything and being public about everything allows me to be free from having to make that kind of call, ever. —PhilipNeustrom
My concern wasn't so much about the IPs as just having an anonaccount in general (that would require login). the ip thing was just a side note. —ArlenAbraham
That seems to be taking away the biggest advantage to anonymous editing: Not having to log in? I often edit wikipedia because I will be reading it, quickly, and will just press edit, make a correction, then press save. If quick editing via non-accounts is really wanted, I can turn it on. I had discussed this pretty early on and it seemed like no one really cared and it would create the environment where nobody would make an account or log in?
2005-05-02 15:51:05 Anonymous editing is absolutely asking for trouble. (trouble, here should be spelled S-P-A-M-M-E-R-S. having a login but publicizing it on the site won't stop them) —KenBloom
2005-05-02 15:54:57 The fact that this wiki didn't open with anon edits, makes it lame. —KennethWaters
The only reason for that is because practically every wiki I'd seen was getting hammered by spam bots at the time we opened up. My friends in berkeley were having a serious spam bot issue, and when they turned off anonymous editing they found the issue to drop down significantly.
Wikipedia.org, QED Besides, there are plenty of reasons to instate "captcha"s.
I agree. Do you happen to know of a good captcha? It seems they are all readily broken.
Umm the LJ captcha is open source and has not been broken, besides if someone is going to take the time to taylor a bot to this wiki it's not going to matter. I bet I could enter captcha solutions by hand nearly as fast as the server can receive updates (although mod-python has made it faster). Besides anyone can spam from a registered account ala RobertMorris. —kw
Rebuttal: Your face is lame. —TravisGrathwell
2005-05-02 15:55:05 I like it the way it is. Anons annoy me. —JackHaskel
2005-05-02 15:57:11 I think the word you want is " y'all's ", Arlen. Also, it's not like its hard to make a troll. Not that I would ever do that ;) —BrentLaabs
2005-05-02 17:12:01 the anonymous account idea sounds terribly misguided. —KrisFricke
2005-05-02 17:16:00 Please, no anonymous editing. What we have has been working way too well to abandon it. —MikeIvanov
2005-05-03 12:06:03 d00d, you have to register an account to look at newspapers online. Creating an account here is particularly easy. I think the lack of anonymous edits contributes to a slightly higher quality. Besides, we are the most successful local wiki in the world, so it must not be that hard for people to join up. —BrentLaabs
2005-05-03 12:18:43 who says we are the most successful? —GeorgeLewis
We may very well be. Do you know of others? —MikeIvanov
IP Addresses on the wiki
The wiki should display a hash of the users IP address + some secret data to make reversing the hash hard. (i.e. 192.168.1.1 becomes e568dcd0a1568334c309858f4145529f798fcb58) The following bit of code is great for mining the current setup (Works in bash):
wget -O - -q http://www.daviswiki.org/Recent_Changes |\ tr \; \\n |\ grep rceditor|\ perl -pe '/<span\ class=\"rceditor\"><span\ title=\"(\d+\.\d+\.\d+\.\d+)\">(<a href=\"\/\w+\">)?([^<]+)(<\/a>)?/;print "$2 $1\n";' |\ grep -v class |\ egrep '[0-9]' |\ sort -uThe above code produces the following type of output:
172.24.15.92 <a href="/Bob"> 192.168.80.82 <a href="/Bob"> 172.18.102.99 <a href="/Sally"> 10.192.131.6This is listing the ip addresses of edits appearing on the Recent Changes page: where 172.24.15.92 represents the ip address of an edit made by a user without a personal page; the user Bob made edits from ip addresses 192.168.80.82 and 172.18.102.99; and Sally made an edit from the ip address 10.192.131.6 The problem is the wiki is keeping history of your name and IP address forever, and anyone who wanted to could get your IP from some other activity could spider daviswiki to find if anyone has made edits from that IP, and know who they are. Yesterday I placed an image on my Wiki page that is located on my website. This has allowed me to see that at least the following people (NAT, proxies, and people sharing computers may have caused an error or two.) have visited my wiki page since then:
- CarlMcCabe — Rubbish! I never looked at anything. I'm innocent!
- Last night (09/26/05) at 8:31 pm from a Windows XP system running Mozilla 1.7.11. Or someone with the same browser and IP address as you.
- I was, um... washing dishes at 8:31. Yes, washing dishes! It couldn't have been me. No way!
- There is no way it was me. I was at somebody else's house during the six minutes you had your offsite picture link on, I don't remember looking at the Wiki, and they have a totally different ISP from me anyway. Maybe it was somebody else at my house. I'm also curious how you map an ip back to a wiki username? Have you been collecting a username-to-ip map? You could use Perl or something to extract that from Recent Changes or info pages. There is still the more general problem of a wiki member being on a different IP or a nonmember, but reader, being on the same IP.-NickSchmalenberger
- You are on the same IP address as several other users, looks like that IP Omsoft's squid proxy. I am mapping by using the above script to build an IP-username table based on recent edits, and then I can cross reference that with hits on my web server. NAT, proxies, and people sharing computers all mess up my ability to do this mapping.
- Oops. I didn't notice you put up a different link after the six minutes. I also should have read your script more carefully, sorry. What time do you have for me? Does Omsoft's Squid forward the browser id? You are right that there will be problems. You say "at least the following people" which isn't true.-NickSchmalenberger
- [27/Sep/2005:13:20:08 -0700] "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
- Yes, that is really not me.
- ES -woohoo! I got myself on the list! Misread what you did at first(the mech for seeing who). Had tried to find an image after seeing this. Just hit edit, then images to see if there were any stored.
- DavisWiki does not allow external images without a border, otherwise I would have use a 1x1 transparent GIF. Instead, it's a 1x1 black GIF with a 1 pixel border.
- FYI, she didn't view Ryan's page either.
If you really wanted to, you could also find this information from lots of other websites and internet services that log IPs (IRC, etc). If we made it into a hash then people wouldn't be able to trace IPs and do other muchiness in the face of spammers and anonymous villains (the fact it's displayed isn't because it's a unique identifier but because it's an IP address). Of course, when 'bad dudes' pop up, everyone would bother me to provide them with information about the users and so forth. It's just that releasing all the information to the users — essentially treating everyone as an administrator — protects me from a lot of police work I might feel like I have to do. "The Wiki is open enough to level the playing field so everybody has access to that information. Open is better," as JabberWokky said before. —PhilipNeustrom
Giving people the ability to see IPs has a large potential for abuse. Some immature person could DDoS another user who's opinions they didn't agree with, or even worse, write up some fake abuse reports and get them kicked off their ISP. If you still want IP addresses visible, then perhaps you could not show IP for changes more then a few days old, and only show them to logged in users. —RyanCastellucci
2005-09-27 18:59:23 I partially agree with Ryan. The fact that the website logs IPs should be mentioned on User Preferences, which is where you make accounts. Something along the lines of "This website logs your IP address when you edit, and displays it publicly. This could make it possible for people to connect your computer to your real name, which most users use as their login." —BrentLaabs
2005-09-27 15:39:53 There is nothing informing you when you sign up that your IP address will be made publicly visible. I didn't know about it until about a month ago, and there is nothing I can do about old edits that have my IP logged. —RyanCastellucci
It should be noted that IP address hiding/masking has been requested and rejected on the MediaWiki bugtracker:
Closing as WONTFIX because:
_ there is clause to no way to figure out the identity of someone given his ip address.
- DavisWiki PROVIDES a way to figure out the identity of someone given their ip address, since users are asked to use their "RealName"s
_ people can use an anonymizing service or create an account
- This bug report is for MediaWiki, used by Wikipedia, but not DavisWiki. Wikipedia does not show IP addresses of logged in users, DavisWiki does, and does not inform people of this when they sign up and make edits.
- Any admin on Wikipedia can see a user's IP address. There are hundreds and hundreds of site admins, and practically any highly active user of Wikipedia is granted admin status. On Davis Wiki, everyone has said 'admin' abilities (deleting images, seeing IPs, etc). Perhaps just making IPs visible when logged in would be okay?
- This would be a good, in addition to that, I would like to see IP addresses be removed from the edit logs after a couple of days (If someone is being abusive, it will generally be found out pretty quick) —RyanCastellucci
2005-09-28 09:15:14 "Giving people the ability to see IPs has a large potential for abuse. Some immature person could DDoS another user who's opinions they didn't agree with, or even worse, write up some fake abuse reports and get them kicked off their ISP". Alarmist much? DDoS attacks against a single IP address should almost instantly get filtered at the ISP level, and if they don't - good, you just made your ISP aware that they need to be a little more vigilant about DDoS attacks. As far as the fake abuse report goes, puhhh-leeeeeeez. You don't think the user's ISP is going to check their logs to verify the abuse report? I DO think users should be aware that their IPs are being logged and are publicly visible, but honestly, if you're that paranoid about privacy you probably shouldn't be on the internet in the first place. —DomenicSantangelo
- ISPs do not log all internet traffic (it is not legally required, and is too expensive for the little if any benefits of doing it.) There is no way for them to verify most types of abuse reports. Also, DDoS attacks are very hard to filter, especially since the source IPs of a DDoS can be spoofed. —RyanCastellucci
- I think you may have misunderstood what I meant by "check their logs". Most ISPs (at least the one I worked for and the ISPs we worked with on abuse reports) do in fact keep a log of when each user logged on/logged off, their assigned IP address, and the MAC address of the nic they connected with. So $ISP gets a faked abuse report for $IP_ADDRESS, checks the logs, and sees that $IP_ADDRESS logged off hours before the supposed abuse took place, or that $IP_ADDRESS was idle at the time (in the case of always-on connections). In the case of an unverifiable abuse report, threat to the legitimate user is minimal. You're just spreading FUD. As far as DDoS attacks go, they're not that tough to filter as long as your hardware is set up correctly. At an ISP, I would hope this is the case. Your ICMP and SYN packet rates should be limited at minimum, and ideally you'd have a hardware solution such as the Cisco Guard. I find it interesting that you chose IP spoofing as the critical reason DDoS attacks can be difficult to defeat, since the strength of the DDoS attack is its distributed nature. More FUD! —DomenicSantangelo
- Say I syn flood you with random source addresses with a source TCP port of 80. Your ISP rate limits syn packets to you. Sweet.... But you can't hit web servers because the rate limiting ALSO filters those packets. Even if TCP and UDP flooding don't work, there are plenty of other ways to knock people offline by spamming their IP with garbage. Users with PPPoE dynamic addresses can just reconnect to get around this, but if you have static IPs or a cable modem (cable modems typically have long lease times, so you would have to leave the cable modem unplugged for quite a while.) I've never worked with DDoS mitigation hardware, so I don't know how well that works, but I've seen people on big ISPs get packeted offline more then once (such are the joys of IRC) —RyanCastellucci
- I don't know what to tell you, other than it's a ridiculous conversation to have on the wiki. There are plenty of resources available to help defeat DDoS attacks. Bottom line: you're being alarmist. Relax, it's just the internet. If I got DDoS'd you know what I'd do? Take a walk. Smoke a pipe. Play a video game. Spend time with friends. Knowing that the 5cr12p7 k1dd13 who started the attack will get bored and leave me alone. —DomenicSantangelo
- Just to back up Domenic, ISPs do log connections, and thus can match an IP to an account and almost always to the specific phone line/DSL line/ISDN line/cable line/tin can that the user connected *from*. I've worked with law enforcement doing exactly that several times. — JabberWokky
- Yes, I work at an ISP. I'm well aware that when you log on/off is logged, as well as idleness, but what you are doing with your connection usually is not logged, which is what I was referring to. —RyanCastellucci
- The thing is, it's not what anyone else was referring to. We were referring to the fact that ISPs can, in fact, check logs to verify an abuse report, in direct contradiction to your assertion: "There is no way for them to verify most types of abuse reports." You claimed by inference that all traffic would need to be logged in order for an abuse report to be verified. This is simply not so, as JabberWokky explained with experience. —DomenicSantangelo
- My point is entirely valid. You made an edit to the Wiki. I have your IP address and time that you were online. If I forge some logs of you trying to crack my box, your ISP probably won't be able to tell that the logs are forged.
- Haha, I don't know what to tell you, man. Even the ISP I worked for (and we were a small outfit) wasn't that gullible. Give it up. Your concern is noted. Nobody cares. —DomenicSantangelo
For those who care deeply about their anonymity I'd recommend using the Tor network. This seems like a nice compromise to wanting anonymous editing. Create a new account while using the Tor network, then you can edit the pages and it will log Tor's exit proxy IPs instead of yours. It's what I do. This would deter spam bots but allow people to make edits. Anonymous proxies and the Java Anonymous Proxy also work. OnceLivedInDavis 2005-09-30 01:00:55
2005-10-04 16:36:46 I thought I'd clarify my position on this... I am far more worried about data mining the wiki to find out who was using an IP at a specific time then I am worried about script kiddies. —RyanCastellucci
I agree that's the most obvious way to exploit the information. If there's an agreement here then we can make the IPs visible only to those in an Admin Group. It does add some liability to the running-the-site end of things, but I think it's an acceptable compromise to have more online privacy. However, it does remove information from the hands of the majority of wiki users. The argument, I suppose, is that it's not really information wiki users want to have except in the cases of widespread vandalism and so forth.
2005-10-11 17:49:45 I'm on Ryan's side now. This alone should be reason enough: go check udavislife.com. They pulled Carl's name and are trying to randomly trash talk. Carl mentioned it on their wiki page. Unnecessary. I agree that ip addresses either shouldn't be viewed. And not just when you're not loggin in, cause anyone can quickly make an account. It imo should be a reserved privilege that you get when you reach 500, 750, 1000, something like that edits. Besides, someone with 10 or 15 edits wouldn't even really (probably) know enough to know how to deal with some sort of troublemaker anyway. Everyone who knows how/would do it usually/ or is active enough to catch and ban or whatever some type of attack or troublemaker is over 250 edits as a base minimum regardless. —ES