Ben Brockert wrote:
YA-feature request: how about making it more private
for the users?
Instead of the utility taking one username and giving IP addresses, have
it take two usernames and have it say whether or not they are the same
IP? Or the same /24, to catch the dialup users. I don't think all sysops
should have access to all user's IPs (I say that as a sysop, not as a
tinfoil'd user), but I also think kicking sockpuppets should occur well
before arbitration.
Unfortunately the situation is more complex than that. Many users are
behind proxies, either mandated by their ISP or by choice. Occasionally
two legitimate users may use the same public or school computer. Partial
IP matches, such as someone using the same regional ISP, are very useful
despite not being certain. Two users using regional ISPs from different
regions is an excellent indication that they are not the same person.
Dialup pools and DHCP pools for DSL users are usually larger than /24.
If we could make a magic script that somehow compared two IP addresses
and produced a percentage likelihood that they were the same person,
then maybe we could avoid releasing IP addresses. But at present,
allowing competent humans to compare hostnames and traceroutes, check
for open ports, request whois information, visit ISP webpages, etc. is
the only way to produce useful information.
-- Tim Starling