Proposal: show hashes (hmac) of IP addresses

btcton

legendary

Activity: 1288

Merit: 1007

Quote from: kaito on December 12, 2013, 01:25:55 PM

Quote from: btcton on December 11, 2013, 09:15:09 PM

I don't see how it would be a good idea if the secret changes. What would the purpose be?

It would hide the information whether someone has a fixed or dynamic IP.
Also, if the secret were to be cracked, all IPs could be brute forced quickly.

Quote from: btcton on December 11, 2013, 09:15:09 PM

Also, how would there be false positives?

I mean people who simply share an IP, not by choice or not to shill. This measure is meant to identify sockpuppets but it can not reliably do so.

Ah, I see what you mean. I will have to agree with you on that.

kaito

full member

Activity: 168

Merit: 100

Quote from: btcton on December 11, 2013, 09:15:09 PM

I don't see how it would be a good idea if the secret changes. What would the purpose be?

It would hide the information whether someone has a fixed or dynamic IP.
Also, if the secret were to be cracked, all IPs could be brute forced quickly.

Quote from: btcton on December 11, 2013, 09:15:09 PM

Also, how would there be false positives?

I mean people who simply share an IP, not by choice or not to shill. This measure is meant to identify sockpuppets but it can not reliably do so.

btcton

legendary

Activity: 1288

Merit: 1007

Quote from: kaito on December 10, 2013, 11:06:13 AM

Quote from: mishra on December 04, 2013, 07:25:51 AM

I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets. In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison. Perhaps with an option in the settings to view them or not.

If the secret is changed about every n days, it sounds like an okay idea. Though I think this would have more false positives than actual ones.

I don't see how it would be a good idea if the secret changes. What would the purpose be? Also, how would there be false positives?

kaito

full member

Activity: 168

Merit: 100

Quote from: deslok on December 10, 2013, 12:15:48 PM

seems counter to the people asking for more privacy(tor friendliness)

I don't see how. This just reveals whether some people have the same IP or not. The information is only valid/comparable under the same key.
The only problem I see is that having that knowledge is not worth much. There are many reasons why they could have the same IP.

deslok

sr. member

Activity: 462

Merit: 250

It's all about the game, and how you play it

seems counter to the people asking for more privacy(tor friendliness)

kaito

full member

Activity: 168

Merit: 100

Quote from: mishra on December 04, 2013, 07:25:51 AM

I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets. In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison. Perhaps with an option in the settings to view them or not.

If the secret is changed about every n days, it sounds like an okay idea. Though I think this would have more false positives than actual ones.

tysat

legendary

Activity: 966

Merit: 1004

Keep it real

Quote from: ElectricMucus on December 06, 2013, 09:57:07 AM

It's not useless, it would rise the difficulty of sockpuppeting. The issue is though: We don't yet know how the forum policy on sockpuppets is, I haven't seen a clear statements on the side of the admins ans some users (Tradefortress ring a bell) are commonly suspected of sockpuppeting while being endorsed by theymos.

The solution might have some privacy issues. People could store the hashes and since it is possible to embed third party pictures obtain the ips at key places for some nasty data mining.

You can have as many accounts as you'd like.

ElectricMucus

legendary

Activity: 1666

Merit: 1057

Marketing manager - GO MP

It's not useless, it would rise the difficulty of sockpuppeting. The issue is though: We don't yet know how the forum policy on sockpuppets is, I haven't seen a clear statements on the side of the admins ans some users (Tradefortress ring a bell) are commonly suspected of sockpuppeting while being endorsed by theymos.

The solution might have some privacy issues. People could store the hashes and since it is possible to embed third party pictures obtain the ips at key places for some nasty data mining.

Vod

legendary

Activity: 3668

Merit: 3010

Licking my boob since 1970

Quote from: mishra on December 04, 2013, 07:25:51 AM

I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets. In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison. Perhaps with an option in the settings to view them or not.

You missed a third option - useless.

There is free and easy access to unlimited proxies out there. A person can use a different IP for each account.

mishra

newbie

Activity: 4

Merit: 0

I propose showing a hash of users' IP addresses with each post to publicly identify sockpuppets. In particular hmac with a server kept secret so that the hashes themselves have no direct unintended value except for comparison. Perhaps with an option in the settings to view them or not.

Topic: Proposal: show hashes (hmac) of IP addresses (Read 1096 times)