![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
boundbooks) wrote in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
dw_suggestions2011-06-10 11:50 am
Set IP Logging to 'Opt-In' Rather than 'Opt-Out'
Title:
Set IP Logging to 'Opt-In' Rather than 'Opt-Out'
Area:
Entries and Commenting
Summary:
Currently, all newly created DW journals and communities have IP logging turned on by default. My suggestion is that IP logging should be turned off by default, with the ability to turn it on by 'opting-in' and enabling it.
Description:
While IP logging has it uses – namely, preventing sockpuppeting, discouraging trolling and ID-ing spam – it also comes with a high privacy cost. When making a comment on an IP logging post, one makes a wish: 'I will give this post my current location and hope that this information will never be used that against me.'
For the majority of DW journals and communities, default IP logging is over-kill. Most journals and communities are not experiencing continual sockpuppeting or trolling or other situations in which moderators would need to be able to pinpoint the address of a commentor in order to unravel what's occurring. Yet because IP logging is opt-out rather than opt-in, most DW journals and communities take this personal location information without thought and record it for as long as they exist.
I do not argue that IP logging should be removed as a service, but rather that it should be not be enabled as part of the default settings. Journal owners and communities should have that debate about privacy and moderation on their own and potentially with their community members. The removal of the privacy of their members and commentors should be a conscious, thoughtful decision, rather than simply one made by the default settings.
I am well aware that IP logging/IP address information is already being taken by Dreamwidth itself. However, I feel that there is a tremendous difference between these two states: 1) information existing on Dreamwidth's servers and accessible to Dreamwidth's employees/code volunteers 2) IP addresses being handed by default to all original posters, journal owners and community administrators.
The argument that 'one should never need to conceal an IP address, because one should know that IP addresses are always logged' fails to make a distinction between theoretical perfect privacy and practical privacy. It presumes that one is engaged in criminal activities that are pursued by the FBI rather than concerned about the kind of personally damaging information that participating in fandom activity or a complaint about a job situation can become in the hands of a malicious fellow-user. Making IP logging no longer enabled by default in created journals/communities is measurable progress towards practical, every-day privacy.
IP logging reveals sensitive information for all users, but the cost is even higher for rural users. If one's IP address simply reveals 'Chicago, Illinois, USA', it is unlikely that the contents of one's journal could be used to find a specific user. On the other hand, if one is a commenting from a small town, personal details as well as IP logging make it remarkably easy to whittle down and discover an identity. I myself live in a relatively rural area, and as such my cost of remaining anonymous is far higher than a fellow metropolitan-living friend. Information such as the name of my college, when combined with the name of my town, would whittle me down to a list of less than ten possible people in that town. Combined with gender and a rough age range, and the list becomes a list of one. As such, I am extremely cautious about anything I post. My city-dwelling friend, who actively gives college, gender and age range information, remains on a possible list of thousands of fellow alumni in their city.
My suggestion is intended to improve the privacy of Dreamwidth users, which I feel is in line with the goals of the Dreamwidth community. Since IP logging would remain as an 'opt-in' option for users or communities who needed this tool, the only problems I can think of would possible be things on the 'back end' of Dreamwidth, possibly if successful site-wide spam-reporting requires the majority of journals/communities to IP-log.
This suggestion:
Should be implemented as-is.
16 (25.8%)
Should be implemented with changes. (please comment)
0 (0.0%)
Shouldn't be implemented.
35 (56.5%)
(I have no opinion)
10 (16.1%)
(Other: please comment)
1 (1.6%)
no subject
The thing that makes me sad about this kind of discussion, though, is when it descends into 'Didn't you know that someone can get your IP anyway through an image/file/etc' rather than addressing the specific issue at hand. In summation, I did know about the image/file/etc, I do know about proxies, and I did read that essay back when it was posted.
I'm going to copy and paste my comment to someone else below: "My thought was not that one is inherently 'safe' on a journal that opts out of IP logging, but rather that getting the IPs via a file on a server that one controls is a far higher level of difficulty for the average user that I think most people involved in the technical aspect of Dreamwidth/IT understand. Heck, even having ever had control of a server bumps you in a stratosphere of technical competency that most people will never reach.
I know that it is really, really easy to get IPs with files, but your point involves a ramping up of my original argument that I think is unfair as well as greatly overestimating average technical knowledge. There's a difference between 'it could be done by someone with a fair degree of technical knowledge' and 'let's give out this information anyway.' There's always a way to get this information, but there's a difference between having to do something to get it and being handed it automatically. =/
Most people do not have the ability to get their own server, or even know how to upload a file onto it. However, everyone can see the IPs if they're auto-included in a comment. I'm glad that DW is having this discussion, but it makes me sad when this discussion is taken to 'well in X scenario' rather than really looking at the specifics of the question at hand."
In summation, I'm happy to see this suggestion not implemented for reasons of spam and abuse-team work load. That is a good and fine reason for me. However, I wish that discussions about this issue did not come in two flavors of retorts: "Everyone is a very technically competent person and could logging your IP through files anyhow" or "Clearly, the person requires a 101 discussion about how the internet works."
There's an inherent paradox in that kind answer which assumes that people 1) don't understand how IPs work and 2) that the majority of people are running their own servers with secret files embedded on their journals. That kind of answer, which relies on a paradox where users are both super competent and super clueless, leaves me very unsatisfied.
no subject
Everyone has the ability--I got one, cheap, specifically so that I could learn the rest of it, you don't need a full server, just access to logs on one and basic file hosting, and you can get that for less than $20 per year.
In addition, there are multiple services out there that can embed stuff and give you the info--LJtoys used to provide it as a service here and on LJ, Statcounter and similar do similar.
Until I got my server, I didn't know how to upload a file, I got one in order to learn. Now, I no longer need it and have ceased paying.
There is no paradox though. Many people don't understand how IPs work, but some of us do (I taught myself while blogging as it interested me). There are clueless people, som eof whom get paranoid about things they needn't be about or that they need to learn about, and there are others that really really aren't.
If I wanted to I could grab your IP from you replying to me here. I'm not going to. It's not the majority that matters, it's that a) a big enough minority, especially on blogging sites like DW can and b) the people you need to worry about abuse stuff definitely can as learning it is really really easy.
You only need one person logging your IP to then publish it, one abusive friend. You don't need the majority, just one person (people doing "First post" stuff on comms and embedding images? some of them could easily be tracking the IP of every reader of the post, how would you know?)