by fennecfoxen 1521 days ago
"I cannot stress this enough, and I think it's important to frame this debate correctly when it comes to discussing these blocks. I have made somewhere around 1200 rangeblocks of webhosting providers in the last 5 weeks or so. Not one of them was targeted at a user." — [[User:Blablubbs]] in linked page

Wikipedia doesn't block to punish individuals. It blocks to protect itself. There are plenty of ways around most blocks, like simply creating an account.

3 comments

AFAIK their policy is to block IPs that "obscure individual users". Another commenter quoted:

> Communities typically block edits from IP addresses that obscure individual users.

Surely they are aware that this is basically all IPs nowadays...?

If that's genuinely the policy then it should be almost equivalent to just requiring an account for all edits, so why not just do that?

> Surely they are aware that this is basically all IPs nowadays...?

There are indeed many classes of IP address which multiplex large numbers of users (mobile network exits, VPN exits, ISPs with CGNAT, some corporate web filtering systems, shared public wifi, tor, satellite ground station exits, residential proxies, ...).

However, claiming that "basically all" IPs are multiplexed is definitely wrong. A home or small office broadband line typically gets a dynamic-but-ephemerally-unique IP, same as it always did.

The effect of IPv6 on this isn't totally clear to me yet. If anything, as IPv6 deployment among ISPs increases, the trend seems to be for less multiplexing and not more.

> However, claiming that "basically all" IPs are multiplexed is definitely wrong. A home or small office broadband line typically gets a dynamic-but-ephemerally-unique IP, same as it always did.

IPs assigned to homes and small offices are still multiplexed. It's just a case of magnitude. (In other words, it's rare for a home or small office to contain just a single person.)

The policy as stated makes no sense, if they intend for it to be something like "more than 5 people per IP" they should just say so.

> The effect of IPv6 on this isn't totally clear to me yet. If anything, as IPv6 deployment among ISPs increases, the trend seems to be for less multiplexing and not more.

FWIW, every ISP I've used in the last ~10 years has delegated me an IPv6 prefix, resulting in each device in the network getting a unique IPv6 address. I've never seen any kind of NAT used in the wild for residential IPv6.

You're absolutely correct. But: Wikipedia aren't trying to ban all multiplexed IPs. Instead, they're seeking to ban the IPs that bad actors disproportionately use -- and those are the heavily multiplexed ones.

It's kind of the internet equivalent of keeping drug dealers out of your club by banning anyone who lives in a poor area. A lazy (and likely discriminatory) policy, but a simple one, and effective.

Is that true? I've worked at two ISPs and we never made an effort to make the IPs ephemeral. (OK, at the second ISP we didn't even have DHCP servers. We made everyone set up every device on their own!)

My current home broadband setup gives me the same IP address for months at a time, across router reboots. Advertisers love it, I'm sure.

That's a great point and very fairly made. For my own ISP (BT in the UK), I get a new IP on each router reboot. I understand that for some others like Virgin, the IP is very stable over long periods.

For most ISPs making IPs ephemeral is the only solution to the scarcity of IP addresses. You don't want IPs allocated to people who have turned off their routers.

That doesn't require you to deliberately assign a new IP every time the router reboots, it just requires you to be able to re-use IPs without an active DHCP lease.

In practice customers don't usually turn their routers off for very long, and many ISPs don't have an acute shortage of IPs (those that do have already moved to CGNAT), so it's pretty typical to keep your IP no matter how many times you reboot your router. If I left it off for a month I'd be less sure I'd get the same IP.

> AFAIK their policy is to block IPs that "obscure individual users". Another commenter quoted:

> > Communities typically block edits from IP addresses that obscure individual users.

> Surely they are aware that this is basically all IPs nowadays...?

> If that's genuinely the policy then it should be almost equivalent to just requiring an account for all edits, so why not just do that?

With the shortage of IPv4 addresses and the lack of progression to IPv6 from many ISPs, we're likely going to see users unable to anonymously edit if they start blocking those behind a CGNAT.

I find this all vaguely baffling; I'm by no means a WP expert. If they're not targeted at users, what are they targeted at? Bots?

The tragedy of the commons that happens when you can't establish the reputation of your visitors because regular users are indistinguishable from malicious actors when signals like IPs are intentionally obscured.

The reasoning here just seems perverse. WP wants to allow contributions by anonymous users, which seems noble. But it also realizes that it needs to be able to block some people from anonymous contribution "to protect itself".

The implementation of the blocking mechanism is IP addresses/ranges, which is imprecise (to say the least). But now you have to worry about abusive users bypassing your technical control by obscuring their IP addresses. So you block all IP ranges that implement e.g. CGNAT, VPNs, 464XLAT.

So now you're mass-blocking access to millions of people who have never shown any inkling of malicious intent due to rational technology choices by their service providers or due to a reasonable desire to protect their personal privacy.

If you're OK with blocking users in such an entirely capricious and arbitrary way, why not just insist on registration?

Not blocking anything is infeasible due to abuse, requiring registration is effectively blocking anonymous editing access for everyone. If you want anonymous editing, providing it to some is strictly better than providing it to none.

Your argument is as flawed as saying we shouldn't have email because spammers must be blocked.

> If you want anonymous editing, providing it to some is strictly better than providing it to none.

Objectively: Not always. You're creating a tiered society. The argument is saying "Why do some people deserve freedom but not others?" It's great if you're part of the in-group, but exceedingly unjust if you're non-vandal bycatch due to the blanket bans. You can't have some democracy, it's all or none.

I'm unable to anonymously edit by default because I have T-Mobile for my phone and internet services and there is a blanket ban on T-Mobile IPs. This is the 3rd largest telecom in the US with about 108 million users. I'm going to assume that less than 1/10th of them are Wikipedia vandals, but a blanket ban has been put in place.

Explain how it's "good" that a random AT&T user can make an edit, but I (or another random T-Mobile user) can't? Follow up, explain why making everyone who wants to edit register an account is a net bad if it's the only choice for millions of people?

*edited for typos

It is good that a random AT&T user can edit anonymously. It is bad that you can't. The "but" clause is a trap. You should be able to edit anonymously too.

If trends continue, fewer people will be able to edit anonymously. This trend needs to be reversed so that as many people as possible can edit anonymously.

Actually: if your premise is that you're an open access facility, then having arbitrary treatment of different users is a really excellent way of undermining that premise.

For example, as was pointed out elsewhere on this discussion, having blocking controls that tend to create a higher bar for people without home internet access means you're discriminating against groups that can only afford a personal mobile device, or only have internet access at a library, or come from a particular national origin, etc.

If you care about anonymous editing, creating underclasses that cannot have it seems an unlikely way to further your mission. It's effectively a form of red-lining.

I don't understand what your email analogy is getting at, so I'm going to leave that alone.

That's only because they're using weak authentication. If they required users to use something like WebAuthn, the bot problems would be significantly easier to deal with.

How come? Last I checked there was a devtool to create virtual authenticators. Unless there’s a way for Wikipedia to permit only certain vendors like Yubico, akin to browsers trusting certain CAs, I don’t see how one couldn’t make a bot register thousands of accounts with virtual authenticators.

Yes, assertion for manufacturing source is part of WebAuthn.

True, but that would significantly increase the barrier for contributions, especially at the long tail. As always, it's a trade-off, not a black-or-white situation.

yes, but it is way too broad. hosting service ranges are blocked even though individual servers have static IPs. it is possible to get an IP unblocked, but then someone else blocks another range with that IP again. it's impossible to keep up.

the problem with accounts is that the editing history is public, making it impossible to keep even a pseudo-anonymous identity because everyone would know who i am based on what i edit.

didn't jimmy wales himself say that the editing and viewing history is sensitive personal data?

i don't mind wikipedia itself knowing my identity, just like i don't mind hackernews admins knowing who i am, but i'd like wikipedia to help me keep my identity hidden from the public.