Author

Topic: Proposal: show hashes (hmac) of IP addresses (Read 1101 times)

legendary
Activity: 1302
Merit: 1007
December 13, 2013, 04:01:45 PM
#10
I don't see how it would be a good idea if the secret changes. What would the purpose be?
It would hide the information whether someone has a fixed or dynamic IP.
Also, if the secret were to be cracked, all IPs could be brute forced quickly.

Also, how would there be false positives?
I mean people who simply share an IP, not by choice or not to shill. This measure is meant to identify sockpuppets but it can not reliably do so.
Ah, I see what you mean. I will have to agree with you on that.
full member
Activity: 168
Merit: 100
December 12, 2013, 12:25:55 PM
#9
I don't see how it would be a good idea if the secret changes. What would the purpose be?
It would hide the information whether someone has a fixed or dynamic IP.
Also, if the secret were to be cracked, all IPs could be brute forced quickly.

Also, how would there be false positives?
I mean people who simply share an IP, not by choice or not to shill. This measure is meant to identify sockpuppets but it can not reliably do so.
legendary
Activity: 1302
Merit: 1007
December 11, 2013, 08:15:09 PM
#8
I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets.  In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison.  Perhaps with an option in the settings to view them or not.
If the secret is changed about every n days, it sounds like an okay idea. Though I think this would have more false positives than actual ones.
I don't see how it would be a good idea if the secret changes. What would the purpose be? Also, how would there be false positives?
full member
Activity: 168
Merit: 100
December 10, 2013, 11:37:24 AM
#7
seems counter to the people asking for more privacy(tor friendliness)
I don't see how. This just reveals whether some people have the same IP or not. The information is only valid/comparable under the same key.
The only problem I see is that having that knowledge is not worth much. There are many reasons why they could have the same IP.
sr. member
Activity: 462
Merit: 250
It's all about the game, and how you play it
December 10, 2013, 11:15:48 AM
#6
seems counter to the people asking for more privacy(tor friendliness)
full member
Activity: 168
Merit: 100
December 10, 2013, 10:06:13 AM
#5
I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets.  In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison.  Perhaps with an option in the settings to view them or not.
If the secret is changed about every n days, it sounds like an okay idea. Though I think this would have more false positives than actual ones.
legendary
Activity: 966
Merit: 1004
Keep it real
December 06, 2013, 11:06:17 AM
#4
It's not useless, it would rise the difficulty of sockpuppeting. The issue is though: We don't yet know how the forum policy on sockpuppets is, I haven't seen a clear statements on the side of the admins ans some users (Tradefortress ring a bell) are commonly suspected of sockpuppeting while being endorsed by theymos.

The solution might have some privacy issues. People could store the hashes and since it is possible to embed third party pictures obtain the ips at key places for some nasty data mining.

You can have as many accounts as you'd like.
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
December 06, 2013, 08:57:07 AM
#3
It's not useless, it would rise the difficulty of sockpuppeting. The issue is though: We don't yet know how the forum policy on sockpuppets is, I haven't seen a clear statements on the side of the admins ans some users (Tradefortress ring a bell) are commonly suspected of sockpuppeting while being endorsed by theymos.

The solution might have some privacy issues. People could store the hashes and since it is possible to embed third party pictures obtain the ips at key places for some nasty data mining.
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
December 04, 2013, 08:58:13 PM
#2
I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets.  In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison.  Perhaps with an option in the settings to view them or not.


You missed a third option - useless.

There is free and easy access to unlimited proxies out there.  A person can use a different IP for each account.
newbie
Activity: 4
Merit: 0
December 04, 2013, 06:25:51 AM
#1
I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets.  In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison.  Perhaps with an option in the settings to view them or not.
Jump to: