![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
azurelunatic) wrote in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
dw_suggestions2011-08-18 03:07 am
Alternative to IP address logging (identicons)
Title:
Alternative to IP address logging (identicons)
Area:
comments, anonymous comments
Summary:
Offer identicons (or an equivalent method, for non-visual site users) as an alternative to IP addresses to attempt to distinguish Little Thing One from Little Thing Two, when both are commenting anonymously in someone's journal.
Description:
This suggestion is inspired by fiddlingfrog's suggestion on LiveJournal, and I thank him very much for bringing it up there. http://suggestions.livejournal.com/1085295.html #Dreamwidth IRC was also helpful in sorting out quite a bit of this.
Add identicons as another option for journals that allow anonymous comments, but don't necessarily want completely anonymous comments. This could be instead of, or in addition to, directly logging IP addresses for the journal owner to access. For visual users, an icon can sometimes also be more immediately recognized than an IP address.
Completely anonymous comments would still be available for places that require them, such as anonymous games (fic memes, anonymemes, love memes) and journals who wish to allow the totally anonymous comment experience.
For users who would like to attempt to tell anonymous commenters apart to the extent offered by IP address logging, but without actually logging IP addresses of all anonymous commenters, using an identicon could be a useful compromise.
The use of identicons in a journal should be disclosed to potential commenters similar to the way that IP address logging is disclosed, so a commenter may make their own decision prior to commenting.
Identicons on otherwise completely anonymous comments could be displayed to all visitors to that entry.
Identicons on comments that had their IP address logged could have the identicon displayed to all visitors, and continue to have the IP address displayed to only the journal owner.
The same identicon could be used all over the site for the same IP address; fiddlingfrog suggests that to provide a little more anonymity for anonymous users in different contexts, that the identicon could also use journal information (same identicon for same IP all through a single journal, but different in each journal) or even by entry (same identicon in one entry but different in the next, even in the same journal).
When "named anonymous" commenting is implemented, identicons could be created based on name, email address, or external journal location, to add visual interest to the comment space. Named anonymous commenters might be able to choose for themselves whether to use an identicon.
Should journals that use identicons log the IP address in a place where it could be accessed by appropriate site administrators (staff, Terms of Service team), but not the journal owner?
Identicons, or lack thereof, would make no difference to the anti-spam team.
What are identicons?
Identicons are little pictures based indirectly on identifying information. The identifying information (IP address, email address, etc.) has been passed through a process that mangles it non-reversibly while still keeping it most likely unique. If the same data is presented to the process a second time, it should come out in the same mangled format as the first.
Once the identifying information has been mangled into something equally unique, but no longer identifying (for example, an IP address that has been mangled can't be used to locate someone's Internet Service Provider or rough geographical location) it can be used to create an image, or maybe a sound file, or maybe just served up raw if there's no better way to get the information to a user in a form that's accessible to them.
Wikipedia article on identicons: https://secure.wikimedia.org/wikipedia/en/wiki/Identicon
Possible confusion:
Identicons do not provide any more continuity of identity than the source they are derived from. An identicon that is derived from an email address is likely to be the same person, so long as that person does not share their email address with anyone else, and so long as they keep the same email address.
Identicons derived from IP addresses have the same problems with matching comments to their actual human author as IP addresses, but without the additional helpful information that can be obtained from an IP address. Three anonymous comments coming from three different IP addresses that belong to the same internet service provider and are assigned to the same local area might actually be the same person. Since identicons cannot be reverse-engineered to reveal the originating IP address, the same three comments would have different identicons and might not be suspected to be the same person.
An identicon that is based on an IP address would only indicate a single person so long as the same person had one IP address and no other, and did not share it with anyone else commenting. If multiple anonymous users (say, from the same household at the same time, or same general geographic area and internet service provider at different times) commented and had the same IP address when commenting, they would be issued the same identicon and might be mistaken for each other. A single person might comment from home, comment from work, comment again from home after rebooting their cable-modem, and have three different IP addresses and therefore three different identicons.
Specific implementation suggestions
The "Vash" (visual hash) identicon generation engine is free to open source projects with a GPL-compatible license. Dreamwidth's code is licensed under the GPL + Artistic license. This particular implementation of the concept is aware of quite a few accessibility needs and is willing to work with projects if there are additional needs that their product does not currently support. If identicons are different for each journal space, the journal owner could conceivably provide settings to make identicons in their own space best suited to their own needs. http://www.thevash.com/index.html http://www.thevash.com/docs.html#faqs
This suggestion:
Should be implemented as-is.
11 (21.2%)
Should be implemented with changes. (please comment)
4 (7.7%)
Shouldn't be implemented.
12 (23.1%)
(I have no opinion)
25 (48.1%)
(Other: please comment)
0 (0.0%)
no subject
If Dreamwidth absolutely must go down this road, a few points to make the implementation less bad. Audio idents would be a singularly bad idea, a huge load of computer-generated gibberish delaying and distracting from the substantive comment. It may be advisible to code an extra option "Don't show identicons on anonymous comments", so that those with poor vision can concentrate on the message and not the packaging. (Indeed, this may be an excuse to code the option "don't show icons at all", but that's Scope Creep.)
From a privacy point of view, I would strongly encourage the generation routine to include as much information as possible, at least IP or sessionID + journal + entry. Possibly add in time, in such a way that comments from the same IP on the same entry in a short period look very similar, but not necessarily the same. (UNIX epoch shorn of last 10 bits?)
I'm not familiar with the "named anonymous" proposal for commenters; these could be converted into a display that does preserve across entries, analagous to a default usericon.
I see absolutely no reason why the raw IP addresses should be stored in additional places: this is personal information, and I still think Dreamwidth exposes it more widely than is prudent.