"I cannot stress this enough, and I think it's important to frame this debate correctly when it comes to discussing these blocks. I have made somewhere around 1200 rangeblocks of webhosting providers in the last 5 weeks or so. Not one of them was targeted at a user." — [[User:Blablubbs]] in linked page
Wikipedia doesn't block to punish individuals. It blocks to protect itself. There are plenty of ways around most blocks, like simply creating an account.
> Surely they are aware that this is basically all IPs nowadays...?
There are indeed many classes of IP address which multiplex large numbers of users (mobile network exits, VPN exits, ISPs with CGNAT, some corporate web filtering systems, shared public wifi, tor, satellite ground station exits, residential proxies, ...).
However, claiming that "basically all" IPs are multiplexed is definitely wrong. A home or small office broadband line typically gets a dynamic-but-ephemerally-unique IP, same as it always did.
The effect of IPv6 on this isn't totally clear to me yet. If anything, as IPv6 deployment among ISPs increases, the trend seems to be for less multiplexing and not more.
> However, claiming that "basically all" IPs are multiplexed is definitely wrong. A home or small office broadband line typically gets a dynamic-but-ephemerally-unique IP, same as it always did.
IPs assigned to homes and small offices are still multiplexed. It's just a case of magnitude. (In other words, it's rare for a home or small office to contain just a single person.)
The policy as stated makes no sense, if they intend for it to be something like "more than 5 people per IP" they should just say so.
> The effect of IPv6 on this isn't totally clear to me yet. If anything, as IPv6 deployment among ISPs increases, the trend seems to be for less multiplexing and not more.
FWIW, every ISP I've used in the last ~10 years has delegated me an IPv6 prefix, resulting in each device in the network getting a unique IPv6 address. I've never seen any kind of NAT used in the wild for residential IPv6.
You're absolutely correct. But: Wikipedia aren't trying to ban all multiplexed IPs. Instead, they're seeking to ban the IPs that bad actors disproportionately use -- and those are the heavily multiplexed ones.
It's kind of the internet equivalent of keeping drug dealers out of your club by banning anyone who lives in a poor area. A lazy (and likely discriminatory) policy, but a simple one, and effective.
Is that true? I've worked at two ISPs and we never made an effort to make the IPs ephemeral. (OK, at the second ISP we didn't even have DHCP servers. We made everyone set up every device on their own!)
My current home broadband setup gives me the same IP address for months at a time, across router reboots. Advertisers love it, I'm sure.
That's a great point and very fairly made. For my own ISP (BT in the UK), I get a new IP on each router reboot. I understand that for some others like Virgin, the IP is very stable over long periods.
For most ISPs making IPs ephemeral is the only solution to the scarcity of IP addresses. You don't want IPs allocated to people who have turned off their routers.
That doesn't require you to deliberately assign a new IP every time the router reboots, it just requires you to be able to re-use IPs without an active DHCP lease.
In practice customers don't usually turn their routers off for very long, and many ISPs don't have an acute shortage of IPs (those that do have already moved to CGNAT), so it's pretty typical to keep your IP no matter how many times you reboot your router. If I'd leave it off for a month I'd be less sure I'd get the same IP.
> AFAIK their policy is to block IPs that "obscure individual users". Another commenter quoted:
> > Communities typically block edits from IP addresses that obscure individual users.
> Surely they are aware that this is basically all IPs nowadays...?
> If that's genuinely the policy then it should be almost equivalent to just requiring an account for all edits, so why not just do that?
With the shortage of IPv4 addresses and the lack of progression to IPv6 from many ISPs, we're likely going to see users unable to anonymously edit if they start blocking those behind a CGNAT.
The tragedy of the commons that happens when you can't establish the reputation of your visitors because regular users are indistinguishable from malicious actors when signals like IPs are intentionally obscured.
The reasoning here just seems perverse. WP wants to allow contributions by anonymous users, which seems noble. But it also realizes that it needs to be able to block some people from anonymous contribution "to protect itself".
The implementation of the blocking mechanism is IP addresses/ranges, which is imprecise (to say the least). But now you have to worry about abusive users bypassing your technical control by obscuring their IP addresses. So you block all IP ranges that implement e.g. CGNAT, VPNs, 464XLAT.
So now you're mass-blocking access to millions of people who have never shown any inkling of malicious intent due to rational technology choices by their service providers or due to a reasonable desire to protect their personal privacy.
If you're OK with blocking users in such an entirely capricious and arbitrary way, why not just insist on registration?
Not blocking anything is infeasible due to abuse, requiring registration is effectively blocking anonymous editing access for everyone. If you want anonymous editing, providing it to some is strictly better than providing it to none.
Your argument is as flawed as saying we shouldn't have email because spammers must be blocked.
>>If you want anonymous editing, providing it to some is strictly better than providing it to none.
Objectively: Not always. You're creating a tiered society. The argument is saying "Why do some people deserve freedom but not others?" It's great if you're part of the in-group, but exceedingly unjust if you're non-vandal bycatch due to the blanket bans. You can't have some democracy, it's all or none.
I'm unable to anonymously edit by default because I have T-mobile for my phone and internet services and there is a blanket ban on T-mobile IPs. This is the 3rd largest telcom in the US with about 108 million users. I'm going to assume that less than 1/10th of them are Wikipedia vandals, but a blanket ban has been put in place.
Explain how it's "good" that a random AT&T user can make an edit, but I (or another random T-mobile user) can't? Follow up, explain why making everyone who wants to edit register an account is a net bad if it's the only choice for millions of people?
Actually: if your premise is that you're an open access facility, then having arbitrary treatment of different users is a really excellent way of undermining that premise.
For example, as was pointed out elsewhere on this discussion, having blocking controls that tend to create a higher bar for people without home internet access means you're discriminating against groups that can only afford a personal mobile device, or only have internet access at a library, or come from a particular national origin, etc.
If you care about anonymous editing, creating underclasses that cannot have it seems an unlikely way to further your mission. It's effectively a form of red-lining.
I don't understand what your email analogy is getting at, so I'm going to leave that alone.
That's only because they're using weak authentication. If they required users to use something like WebAuthn, the bot problems would be significantly easier to deal with.
How come? Last I checked there was a devtool to create virtual authenticators. Unless there’s a way for wikipedia to permit only certain vendors like Yubico, akin to browsers trusting certain CAs, I don’t see how one couldn’t make a bot register thousands of accounts with virtual authenticators.
True, but that would significantly increase the barrier for contributions, especially at the long tail. As always, it's a trade-off, not a black-or-white situation.
yes, but it is way to broad. hosting service ranges are blocked even though individual servers have static IPs. it is possible to get an IP unblocked, but then someone else blocks another range with that IP again. it's impossible to keep up.
the problem with accounts is that the editing history is public, making it impossible to keep even a pseudo-anonymous identity because everyone would know who i am based on what i edit.
didn't jimmy wales himself say that the editing and viewing history is sensitive personal data?
i don't mind wikipedia itself knowing my identity, just like i don't mind hackernews admins knowing who i am, but i'd like wikipedia to help me keep my identity hidden from the public.
In my experience it's extremely effective to filter IP blocks where a lot of trouble seems to come from. Services that don't scrutinize their customers very carefully tend to accumulate questionable customers.
Not gonna speak to why they're blocking Apple Private Relay, but clearly, no, they're not implying that an IP uniquely identifies an individual. In some cases, it can identify an organization, though. One of my good friends worked for Wikipedia a while back, and he claims one of the bigger problems they had was Congressional staffers edit-warring on pages, so they blocked the IP range of US Congressional offices. They weren't trying to target a single staff. They were targeting all of them.
> an IP address meaningfully identifies a single editor
I'm fairly certain that the GDPR believes an IP address is PII and imposes a bunch of fairly onerous restrictions on how network administrators are able to log and analyze them. So it doesn't seem like that ship has sailed at all. If anything it's been reinforced by actual law that it _does_ meaningfully identify someone.
The GDPR also protects your name that way too, despite the fact that it might actually identify a multitude of different people (like if you're called John Smith). It does so on the basis that it may under some circumstances be sufficient to identify you personally; same for IP address.
It is very seldom in my experience the case that legislation tells us anything at all about what is true about technology.
Wikipedia doesn't block to punish individuals. It blocks to protect itself. There are plenty of ways around most blocks, like simply creating an account.