[wpietri]

I'm familiar with the theory. But accounts just aren't a big barrier to determined bad actors.

Note that the world's biggest content site, Wikipedia, allows anonymous edits and always has. And note also that some of big tech companies, despite having all the money in the world, still have problems with fake accounts. So at best, requiring user accounts is one possible anti-abuse step, but it's neither necessary nor sufficient to prevent abuse.

[sneak]

> Note that the world's biggest content site, Wikipedia, allows anonymous edits and always has.

Not really. You can't edit Wikipedia from a VPN (even with a user account!), and I think they ban most datacenters. The edits aren't really anonymous if they publicly associate with a piece of PII that, for most people, directly maps to their name and home address.

[lucb1e]

> The edits aren't really anonymous if they publicly [show your IP]

Counter-example: stackoverflow is also reasonably big and allows anonymous questions, answers, and even edits, without publishing an IP address or anything. The edits end up in a review queue, the rest I think is actually published immediately.

[d0gsg0w00f]

But doesn't this content need to be reviewed (read permitted) by other non-anon user accounts?

[lucb1e]

> The edits end up in a review queue, the rest I think is actually published immediately.

[Gigachad]

Wikipedia also locks most interesting pages so only established accounts can edit them.

[uncomputation]

This is a good and sad point. I was on the wiki page for derivatives and found it was locked due to vandalism. On one hand, we don’t want pages locked because that defeats the point. On the other, how do we stop every troll high schooler who just learned derivatives and messes up the wiki page for lulz? We either need active watchers (surprisingly and fortunately pretty easy, wiki editors are a passionate and eagle-eyed group, but I wonder how long and how much of this is just the initial hard core fans from the early days) or to have some deterrent to vandalism in the first place. For some, maybe this is IP address logging (although as someone else noted in the thread, at what point does this sink anonymity?). For others, maybe creating an account. In practice, neither of these work 100% of the time. I have seen vandals from both IP accounts and registered accounts in about equal frequency.

[Gigachad]

I don’t think it really matters. Wikipedia has surprisingly strict standards and traditions that aren’t very intuitive. If you as a brand new user attempted to edit the page for Donald Trump or Apple, there is a close to 0% chance your edit would not be reverted anyway. These pages are highly curated and there is minimal value you can add to them as a new user. So the semi lock almost just stops people wasting their time.

Much better to start off editing your local country town which has no power users patrolling and tends to be significantly out of date.

[wpietri]

Oh? My current IP is 2601:646:4300:758:f676:3f1b:8b5:42a. Please show me how to turn that into my name and home address. Thanks!

[danShumway]

GP's "directly" is a pretty large overstatement, but at the same time I've noticed something of an uptick over the past couple of years of people saying that IP addresses aren't PII or that people shouldn't be concerned with them getting leaked, and I just don't think that stands up to much scrutiny.

If IP addresses didn't matter for privacy, Tor routing wouldn't exist. If IP addresses weren't useful for blocking specific users, IP bans wouldn't exist. If IP addresses weren't useful for tracking, operators wouldn't have gotten up in arms about Apple's private relay service. Obviously this stuff matters.

Remember that not everyone lives in or around San Francisco. For someone in a suburban/rural area, an IP address combined with things like timestamps, user ids, and the text of the edits can go a really long way towards unmasking them. Even for people who live in more urban areas, it is still obviously easier to find someone who lives in San Francisco than it is to find someone who could be living anywhere on the West Coast. If they could also have been using a VPN, or time-shifting their posts... that makes it even harder.

In contrast, how hard do you really think it would actually be to get some address data from a voter roll or via a warrant or even just through one of the scummy person lookup services online and to iterate through everyone who shares that IP address and check to see how many of them are named Pietri? Or who have shared the username wpietri across another account, or posted somewhere else at roughly the same time? Your IP address is drastically reducing the search-space for other attacks, many of which (timing, text-analysis, etc) are impossible to get rid of when making a Wikipedia edit.

[wpietri]

I agree IPs are PII, and that they can lead to unmasking. I also agree the person I replied to was wildly overstating things.

But for the current context, where we are talking about whether or not user account registration is helpful in preventing abuse, I think the kinds of low-probability, long-timeline consequences you describe are not really going to deter most would-be vandals. Especially since Wikipedia is going to know the vandal's IP address whether or not it gets show publicly. So I think Wikipedia is still a good example of how "no user accounts" is workable at scale.

[danShumway]

That's totally fair. In the context of preventing abuse, having an IP address on Wikipedia is definitely less useful to them than having an IP address + an email + whatever other verification methods services are throwing in front of accounts.

[sneak]

Comcast has a portal for law enforcement to request subscriber information at https://lea.comcast.com . That IPv6 address, plus the current date and time, uniquely identifies you by name and service address. Any edits you make to Wikipedia from that address are not anonymous.

[wpietri]

This is a use of "anonymous" that is unfamiliar to me. Do you mean something like "untraceable"? For example, when non-profits credit an anonymous donor, they know who the person is. In that more common sense of the word, Wikipedia's anonymous edits are indeed anonymous: they are published without a name attached.

Anyhow, that seems besides the point. All HTTP requests come with IP addresses. That the police might be able to trace them back to a house eventually does not say much about either Wikipedia (who would give up an IP address with a warrant whether the edit was for a named account or an anonymous one) or no-user-account systems in general.

[maccolgan]

You are confusing anonymous and pseudonymous. Tor for example can afford you request-level anonymity.

[wpietri]

I really don't think I am. Look, for example at this project that is on the front page of HN: https://docs.taler.net/

They describe it as an anonymous payment system. That matches the first definition here: https://www.dictionary.com/browse/anonymous

[thaumasiotes]

3270 23rd street, 94110?

[wpietri]

You definitely didn't get that from my IP address.

[lucb1e]

The person y'all are downvoting is not technically incorrect if they're in the EEA, as this is exactly how GDPR treats it. Because there exists a party that can map it (your ISP), it's PII under that law. Of course this may be different in other jurisdictions.

[skybrian]

Accounts alone won't do it. Accounts and invites might? But then someone who doesn't know anyone on the site needs to figure out how to contact someone who's a member.

It's not good for growth, but some websites are fine with that.

[hinkley]

Over time the quality of the invites go down as well.

If I'm in the picky group, and we send out 5 invites total, but the unpicky group sends out 10, then 2/3 of the invites are unpicky - if the groups are the same size, which they probably won't be for a while (I'm probably inviting people who are almost as picky as I am)

There's also someone on the team who thinks we'd grow faster if we simplified the onboarding process, which is true but also means when we piss off some user they can create a bunch of accounts while they're still spun up and cause a bunch of overhead for the support team and the developers. That gets expensive too.