Displaying IP addresses of posters
-
Why not use that image thingie that everyone was talking about here a ways back (6 months ago or something like that)? You know, the thing that generates a unique image off an IP address. Someone enabled it for their blog and it seemed to work very well. YOu can see at a glance when the IP address is the same without revealing the IP address.
"I don't want more choice. I just want better things!" - Edina Monsoon
That sounds real clever actually, and I like it, although...my internet won't (until we connect to Sky Broadband in a few weeks - hopefully. Tiscali have been screwing us for months).
Need Another Seven Acronyms...
Confused? You will be... -
What do you reckon? I'm getting a little sick of members creating new accounts and trolling. How offended would everyone be if a) the IP address of where they posted their message from was displayed, or b) each message contains a link that allows you to see a list other accounts that have also posted from this IP.
cheers, Chris Maunder
CodeProject.com : C++ MVP
Neither is a solution, either has the potential to 'punish' legit users. I would suggest a modified b). Have a community vote to determine who should be allowed to mark messages as Abuse. This could be based on level, # of messages with votes >= 4, # of articles with score > 3, ... It doesn't matter, ask the community for suggestions for a couple days, compile a list of options, vote for a week. Users who aren't eligible to mark messages as Abuse no longer see 'Report as Spam or Abuse' at the bottom of each message. Nor would they be able to view the list of users that have posted from the same IP for Abuse messages. For users who can report Abuse; a weighted Abuse score would determine if a link is displayed that would display a list of other users who have posted from the same IP. Neither the IP nor a hash need be displayed, grouping is sufficient. I would assume that the raw IP's would be tracked internally and that if ever needed CP management would be able to take steps. This information does not need to be shared with the community - ever. Although this still isn't a solution (there isn't one at the message level), i think it helps minimize the risks to legit users while still providing the functionality required.
...cmk Save the whales - collect the whole set
-
Bert delaVega wrote:
Neither. That should be administrative information and not public.
Bert delaVega wrote:
Managing IP chains would be a hassle as waste of DB resources.
I tend to agree that storing IPs crosses the line - I don't like companies who store credit card numbers for the same reason, but it sounds like Chris may already have bit that bullet, so here's a crazy idea that bypasses A and B somewhat. Internally, store the IP of the poster with each post, but only make public a checksum of IP information. (Note that only if the IP is already stored on CP can our database can be relevant for the current post data). Set up two tables, one that counts the number of posts from each class C address (XXX.XXX.XXX = upto 16m entries - that's the biggest DB hit, but properly indexed the processing can be quick) and one that tracks class B addresses (XXX.XXX = 64k entries). Generate a checksum of the form XXX.XXX.nnnn.nnnn where the first two bytes are the first two bytes of the IP, the first nnnn count is the class B total (total posts from XXX.XXX) and the next nnnn is the total posts from the class C address (the original XXX.XXX.XXX portion of the address. Display this in small font on each message. Note that spoofing shouldn't be a problem - HTTP is a response based protocol - if you spoof the IP in the request packet, it becomes unworkable.
Bert delaVega wrote:
Registrations through proxies shouldn't be allowed also.
I agree that public proxies should not be allowed.
Bert delaVega wrote:
I would just nip it in the bud and control registration and sign-on. The other thing to consider is that it is a programming site, as opposed to some blogs or message boards. IP information would open up a can of worms for nefarious purposes.
Beyond the fact that I can now figure out whether I made this post from home or office, would there be anything else useful in that type of checksum info - either for us Good Guys or them Bad Guys?
That is a good idea. It would give just enough info so people could determine if it's the same poster using multiple aliases, etc, but not specific enough to cause other problems. Yes, a checksum wouldn't give enough info for anyone to do anything with. My main concern when it comes to IP addresses being displayed are: a) Employers, fellow employees and competitors using the info for their own purposes b) Retaliation against posters when they post something others may not like c) Alienation of some current users that won't post because of it d) Revision of site privacy that would have to be reiterated and accepted by users (although I don't know exactly how the privacy statement is worded)
-
Roger Wright wrote:
ess than adequate coping skills.
What skillz? I have mad skillz! Just because I want to rip out their heart, tear off their head, and dump their remains in vegemite doesn't mean I have coping problems dammit! I'm just misunderstood and unloved!
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
Ahhh, I've seen this before. In a Klingon.
"We are all repositories for genetically-encoded information that we're all spreading back and forth amongst each other, all the time. We're just lousy with information." - Neal Stephenson
-
A) Is bad, because some idiot could decide to DoS you. As mentioned by someone else above, I can refresh my dynamic IP to avoid that fairly easily... however then some other poor SOB could theoretically then be the subject of the DoS. Also, for those that by chance have a static IP, then I would insist it is a really, really bad idea. I don't have a static IP now, however in the past I have, and I would not want it published on each post. I might suggest (as an alternative) to only display the first 3 octets, and to mask the 4th. E.g. => 127.0.0.XXX B) Sounds okay in theory. It could be improved by using the same suggestion above, drop the 4th octet, and show everyone who shares the first 3. At minimum this would organize posters into "groups". That helps to mostly eliminate the dynamic IP refresh issue, and the smart people reading the forums, could in many cases, quickly determine if someone is posting using multiple aliases. [edit]Also, if 3 octets does not provide enough privacy -- then the first 2 could also work -- and be better than none. No one can really complain about the first 2 octets of their IP being published along with their post. And it really would help to determine (in many cases) if the trolls that come along are probable to be the same person.[/edit] -- modified at 16:53 Friday 27th July, 2007
Why not just covert their IP to IPv6? :P
"We are all repositories for genetically-encoded information that we're all spreading back and forth amongst each other, all the time. We're just lousy with information." - Neal Stephenson
-
Andy Brummer wrote:
Unfortunately people just can't be trusted to ignore all the crap posts.
Frankly, it's not a realistic expectation. There are too many people here now, too many new people showing up all the time, too many folk who just want to get an answer to their questions or kill time or engage in a little bit of idle discussion... The system is either going to grow to handle this, or shrink and kill it along with the abusers.
Andy Brummer wrote:
At least until they get bored with it.
That would require the mental ability to engage in interesting activities - which, after months of uninspired trolling seems fairly unlikely.
----
I don't care what you consider witty, but at least I do not blather on posting nonsense like Jim Crafton.
-- Stringcheese, humbled by Crafton's ability to string together multiple sentences
I know it's not realistic, but can't I bitch and moan a little before I sit down shut up and be reasonable.
This blanket smells like ham
-
Roger Wright wrote:
ess than adequate coping skills.
What skillz? I have mad skillz! Just because I want to rip out their heart, tear off their head, and dump their remains in vegemite doesn't mean I have coping problems dammit! I'm just misunderstood and unloved!
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
Jim Crafton wrote:
dump their remains in vegemite
Eliminate the evidence, eh?
Software Zen:
delete this; -
What do you reckon? I'm getting a little sick of members creating new accounts and trolling. How offended would everyone be if a) the IP address of where they posted their message from was displayed, or b) each message contains a link that allows you to see a list other accounts that have also posted from this IP.
cheers, Chris Maunder
CodeProject.com : C++ MVP
Chris why not implement an unusual activity detection system and then have it find suspicious users or groups of users and present a list to selected moderators who cn act accordingly.
Brad Australian - Christian Graus on "Best books for VBscript" A big thick one, so you can whack yourself on the head with it.
-
Jim Crafton wrote:
dump their remains in vegemite
Eliminate the evidence, eh?
Software Zen:
delete this;Well, there's bold, and then there's just plain stupid :)
¡El diablo está en mis pantalones! ¡Mire, mire! Real Mentats use only 100% pure, unfooled around with Sapho Juice(tm)! SELECT * FROM User WHERE Clue > 0 0 rows returned Save an Orange - Use the VCF! VCF Blog
-
What do you reckon? I'm getting a little sick of members creating new accounts and trolling. How offended would everyone be if a) the IP address of where they posted their message from was displayed, or b) each message contains a link that allows you to see a list other accounts that have also posted from this IP.
cheers, Chris Maunder
CodeProject.com : C++ MVP
a) Absolutely not. How would this help? It would only give the troublemakers a list of IPs to start attacking. b) Yes please, as long as it doesn't actually show the IP, just the account names.
--Mike-- Visual C++ MVP :cool: LINKS~! Ericahist | PimpFish | CP SearchBar v3.0 | C++ Forum FAQ Dunder-Mifflin, this is Pam.