1

Hello there. I’ve noticed when going around on wikiHow that an anonymous person (person with no account) is shown by their IP address, which I don’t find it to be safe. Hackers with a person’s IP address can track down people’s location, and hackers can also use the IP address to download and view illegal content without leading the police to their end, just that random person’s end. You might wonder “Why would a hacker target a random person to do their dirty work?” How about because people in this world can be scumbags and a lot of hackers use their powers for evil? It may be unlikely to happen, but that doesn’t mean it can’t happen, and I’m concerned because of it.

Now, this may be a problem with the MediaWiki system, and if it is then I understand wikiHow can’t do anything, but it’s something I’ve noticed that isn’t really safe and I would like to see @JayneG ’s and @Galactic-Radiance ’s opinion. Feel free to close this thread if this isn’t too important.

Also, side-note: I’m not sure what category this should be in: “Collaboration Corner” or “Village Pump”… could someone help me with that?

2

I understand your concern and I appreciate you looking out for the safety of our users. I don’t think we have anything to worry about, though - you can’t actually find that much via an IP address (someone needs way more than the IP address to find anything beyond your general location), and IPs can be hidden via proxies or similar means if the user is really concerned. Even proxies aren’t foolproof - the police would be able to find the root of any particularly egregious activity. Most IPs also change over time, even just a little bit, which is part of why we don’t block anons for a long time barring extenuating circumstances.

It’s also probably worth considering just how many  anonymous edits we get (which gives anons a bit of a safety net as well), and the general motivations of hackers. We don’t really have anything that most hackers would be interested in - a lot of hackers target things that would have use in the real world, like sites that would contain credit card information, phone numbers, social security numbers, or so forth. And if someone really wanted to hack someone’s wikiHow profile, they’d be more likely to target the account of a booster or admin rather than anons - those users have tools that would actually be of use for causing chaos here:stuck_out_tongue:

Most of the means that people would use to discover IP addresses (like edit history and Discussion pages) are also no longer visible to editors who are logged out, and only checkusers can find the IP address of someone who’s signed in.

If you’re really concerned, or if you hear from an anon who’s worried about their IP being displayed, you can encourage them to sign up for an account. That’ll hide their IP address and also disable ads for them (and who knows, maybe they’ll even contribute). But aside from that, I don’t think we have anything to worry about:slight_smile:

3

That’s true actually, but hackers might hack into IP addresses not to hack wikiHow, but to do other bad things. They may just find the IP address on wikiHow and use that to download some fishy things from other sites. That was what I was concerned about, as I know wikiHow doesn’t have many things a hacker could want.

4

It’d be a little silly for someone to use wikiHow for that, though. Think about it - that means they’d have to go to the trouble to make an account here, find someone’s IP address, check whether that IP is viable (you can’t reasonably download something suspicious from a school network, for example), and then use a proxy to create that IP specifically… when they could just have a proxy or alternate means spoof their IP and be done with it:slight_smile:

Also, if someone’s going to do something that’s actually illegal, they’re not going to snipe someone else’s IP to get them in trouble for it, because they’d be caught that way. The download trail would lead to another device, the IP and device info wouldn’t necessarily match, that sort of thing. They’d just create an entirely new IP to avoid looking suspicious.

5

May I ask, why was my comment deleted above?

6

Hi @JustJoshua , I understand your concern about the safety of anonymous editors. It’s good that you care about their safety. I did want to say though, that there no need to worry, because there is virtually no risk to anonymous editors for revealing their IP address. For one, hackers are already actively trying to hack everyone devices every day. In fact, home routers often experience several hacking attempts per day by automated programs and scanners, but these are all typically blocked by the routers firewall. Additionally, every possible IP address is already known and their is no reason for a hacker to pick one from an editor on wikiHow instead of just choosing one randomly, it would be a waste of time.

I also understand your concern about hackers using editors IP addresses to do bad things, but I wouldn’t worry about that either. For one thing, if a hacker is trying to hide their true IP address, they will use the Tor network (which is basically a free VPN) instead of using someone else’s IP address. Also, spoofing an IP address is difficult, and when you do it, you can’t receive a reply (so someone can’t download something suspicious by spoofing an IP address).

I hope that this eases your concerns. If you have any specific questions, then you can ask me.

7

@JustJoshua I think this is baked into the MediaWiki software.

I understand your concerns, but there is a clear warning that reads:  “You are not logged in.  Your IP address will be visible in this page’s history.” everytime an anon edits wikiHow.  The reason we have to use the IP address is to stop abuse.  wikiHow can contact the ISP behind the IP and file an abuse complaint, which could result in the offending user losing their internet access.

An IP address is linked to a general location, but that’s it.  If anyone saw Sally’s IP address, they could just see that they live in lower Manhattan, NY, but that is it.  ISPs can trace them to particular units or addresses, but that data is invisible.  (Sally is just a fictional wikiHow editor.)

8

I think that time is a very long time (course of several years, maybe even tens of years), because my IP address has not changed since at least 2014.  We have also had Xfinity and switched to AT&T, but the IP address is still the same.  But for proxies, IP addresses do circulate, which is why it is common for ranges to be blocked on some wikis.

9

Ok, I guess I don’t have a reason to worry, then. You guys can close this thread now, I just wanted to see what were people’s opinions on the matter. At the time it seemed unsafe, but now, I guess not really. Sorry for arousing any concern into anyone that might’ve been worried about this.