MeatballWiki

UserNameDiscussion

[The following text was written before UserNames were implemented. It may still be of interest to new visitors.]

I am considering a UserName feature for UseModWiki. In version 0.9 I plan to implement user ids and preferences (using cookies), and a UserName feature would be easy to add. This version is at least several weeks away (from June 2000).

If UserNames are implemented, the host/ip would probably become a tiny link (like "CliffordAdams (*)", where the * would be a link to an IP/hostname page. (I plan to keep the host/ip public, to allow users to verify suspicious edits. Displaying the host and/or UserName will be selectable through user preferences.) Anonymous editing will be allowed, and I might include a setting for known users to temporarily edit anonymously.

One question is whether people should be able to exclusively reserve a UserName. I'm also considering allowing users to lock their "home page" for append-only edits. At the other extreme, I might just consider the UserName to be similar to summaries, with no attempt at verifying the names.

Comments and objections are welcome. --CliffordAdams

I've collapsed many comments into a PlusMinusInteresting. Most of the below considers UserNames replacing domain names/IP addresses; however, Cliff suggests combining them. Keep that in mind while assessing the merit of the comments. -- SunirShah

Plus

  • It is nice to see actual names of who is contributing. You can read those people that you think have interesting things to say, and not read those that you find add little value.
  • Any RecentChangesJunkie recognizes the domains of frequent posters anyway, but it communicates to the visitor that this is a civil site where people use their real names.
  • It is better to be known by a UserName on RecentChanges, because that leads to PeerReview
  • It allows unsigned entries on the actual page, which seems less ego-indulging and makes refactoring easier.
  • A UserName is a way of encouraging PeerReview, but is less permanent than signing an entry.
  • It permits one who posts from multiple machines/domains to use their name, therby avoiding making all readers learn the various domains the user posts under.
  • It lets users of ISPs that use wildly different domains to post under their name. Some ISPs show a variety of domains, so it makes it hard to tell who is adding what without UserName.

Minus

  • They emphasize your OnlineIdentity over the BarnRaising
  • They provide an orthogonal reward for contributing aside from favourable PeerReview--such as seeing your name in lights on RecentChanges.
  • They make celebrities of names disconnected from the content associated with the names.
  • Security: "Some whacko using anonymizer.com changed his cookie to "SunirShah" and masqueraded as me," says SunirShah.
  • Faking a domain/IP address is harder than faking an online identity.
  • UserNames lend Wiki a "ChatRoom" atmosphere.
  • CreepingFeaturism: Is it only a convenience? Does it remove one of the "misbugs" of Wiki? (ala poor diffs force rereading of entire pages)
  • Domain names/IP addresses demonstrate that the community tracks posts seriously and knows who you are. (admittedly, in a BigBrother kind of way)
  • UserName has changed the flavour of anonymity on WikiWiki. Before anonymity was a community contribution; people knew you posted anonymously, but you did it because you really were an AnonymousDonor. Now, it's there to mask your identity because you are afraid of the community--which suggests you should just abandon the community anyway.

Interesting

  • If you want to make a good name for yourself, contribute well. We'll come to know you for you and not your cookie.
  • Another method might be publishing domains on RecentChanges. At least those are memorable and difficult to fake. This traditionally served WikiWiki before UserName.
  • It would be hard to use UserName maliciously, as the rest of the community would not stand for it, especially considering Clifford's idea of providing a * link to show domain/ip.
  • You will find that people act much better when trust is assumed, rather than when ill-will is assumed. (That is why honor codes work.)

Signed posts are inferior to UserName, as they last longer and are harder to refactor. DomainNames?/IP addresses are not necessary, as has been proven on WardsWiki. -- AnonymousDonor

For opinionated comments or testimonials, signatures should last as long as the content does because a name should be attributed with the comment (to take responsibility). Also, ThreadMode is actually easier to read and refactor with signatures than without. Finally, it would be a folly to rely on the temporary RecentChanges to flag ownership of content because comments often last for years. If that information is important to your message, write it with the content. -- SunirShah

Valid points, all. I was thinking more along the lines of minor edits or even new content that the author did not wish to encumber with their identity. A contributor may choose not to sign posts that are not critical of others, ideas that stand on their own, or even just spelling fixes. But, using UserName allows for some measure of PeerReview. Looking back over RecentChanges on WardsWiki, many of the edits made per day fall into this category. -- AnonymousDonor

PS. Personally, I prefer not to sign many of my contributions, but I have been signing them all on Meatball, as the lack of UserName would remove any accountability if I did not sign them. -- AnonymousDonor

Not exactly true. Accountability is loose. It doesn't really matter most of the time, but it's nice to remind ourselves that this is still an academic environment. Feel free not to sign things that you find unimportant. Don't feel free to think this is an open forum where you can write whatever you want without consequences. That's the extreme that domains/user names counter. A BalancingForce, if you will -- SunirShah

I am hoping for a situation like described above (see Plus), but I also recognize the possibility of the attacks pointed out. Personally, I wish the C2 wiki kept the domain names, and simply added the UserName when available. I think that the attacks can be handled with anti-abuse features (see below).

A few replies to specific points above:

  • UseModWiki will display domain names if available, otherwise it displays the (partial) IP address. I have disabled the domain lookup on usemod.com to reduce CPU/network usage.
    • Tonight I just realized that I can have Perl do the inverse lookup for page edits, with no slowdown for normal page display. I may add this feature soon.
  • Domain names are not more secure than IP addresses. All the web servers I know of look up the domain from the incoming IP address--if you spoof the address you spoof the domain.
  • UseModWiki logs all edits to a non-public file, including the time and IP address. In cases of subtle abuse, it will be possible to reconstruct what happened.
  • UserName locking could be made as secure as SlashDot logins, if cookies are used properly.
  • I am planning to keep the IP/host of editors publically available. I may even make tools to help reviewers find suspicious mismatches.

Anti-Abuse:

Also, for version 1.0 I hope to add some anti-abuse features, including:

  • Admin page deletion.
  • Admin RecentChanges log editing (removing bad RC entries)
  • Admin user/cookie blocking--stupid attackers won't think to erase their cookies.
  • Admin IP blocking (specific and network), for editing and/or reading.
  • Admin restore pages from daily/weekly backups.
  • Admin suspend other admin.
  • Emergency remote read-only mode (lock out *all* edits)
  • (maybe) Flow rate limiting like C2 (probably with a higher limit)
  • (later) Edit rate limiting, by user and by network.

The "Admin" features may be sharable with trusted users. If several users are given admin abilities, they should be able to quickly contain attacks. If a user persists in attacking, their IP or network may be filtered. If an admin abuses their power, they won't have it for long. --CliffordAdams

Clifford, this seems like way more than what is needed. WardsWiki seems to do just fine without the admin stuff. It seems that the community is remarkably able to deal with problems. Why concentrate power in a few (Admin) hands? All this desire for control wants me want to run far, far away from this site. -- AnonymousDonor

Separate in your mind the UseModWiki development project from MeatballWiki itself. They are separate entities. MeatballWiki may use the UseModWiki script, but it doesn't mean changes to UseModWiki script are necessary for MeatballWiki itself. For instance, UseMod:SubPages are disabled.

Finally, if you don't trust the proprietors of the site (~government), you can't function positively inside the site anyway. Don't forget, Cliff wrote the script and owns the database file(s). He can do anything he wants. So can Ward, or CmdrTaco. Your doctor can give away your medical history to his friends if he felt like it, provided he didn't get caught. You can't live life not trusting anyone. -- SunirShah

My point exactly. I would rather trust, and be proven wrong, than to not trust, and be proven correct. -- AnonymousDonor

I vote for Usernames. Trust is good, if enhanced by some trust-building tools. E.g. Usernames and their contributions could be backed by mirroring essential contributions on the homepage of the originators. I think this becomes important, when Wikis maturate to real-world value-generators. Currently Wikis (although populated by highly intelligent people) are on the level of kindergarten-cooperation, not yet sensibilized for economic value. -- FridemarPache.

If domains are visible, most of the Minus points disappear. So, there really isn't any serious opposition to Cliff's idea. By the way, it would be unfair to yell at Cliff for having admin on his own machine. Especially because he and he alone is responsible to himself, his internet provider and the community to keep it out of trouble. -- SunirShah

One idea I would like to discuss. Is anonymity ever good on a Wiki? I ask, as always providing the domain seeks to prevent anonymity. Although in reality it just makes it harder. I bet most Meatballers have access to multiple domains, and if one wished to get malicious could resort to something like anonymizer.com. I do know that there is valuable content added to WardsWiki by people using the UserName AnonymousDonor. Would preventing that behaviour be good? -- AnonymousDonor

There's no need to provide the privilege of anonymity. What do people have to say that they need fear retribution? That is a powerful tool to give people and should only be used if you need to protect your sources. Even pseudonymity isn't good because there's no reason to hide. -- SunirShah

I was thinking more along the lines of allowing people to work how they feel comfortable. There are some people that like being in the spotlight, and there are those that prefer to do the unseen things. Many people psoting on WardsWiki do not use UserName or sign their entries. I see nothing bad in that. I presume it just "fits" them better. Anyway, I would like to hear if any others have any ideas on the good and bad of being able to contribute anonymously.

As an example, check out RecentChanges on WardsWiki. Someone posting under AnonymousDonor added "Springer-Verlag have also published: Frank van der Linden (Ed.), "Development and Evolution of Software Architectures for Product Families", Lecture Notes in Computer Science 1429, Springer 1998. ISBN 3-540-64916-6." to Wiki:ProductLineApproach"". This addtion of content was certainly not malicious, added to the quality of content on WardsWiki, and was done by someone wishing to remain anonymous. What is the harm in that? Does preventing this ability help or hurt Wikis? -- AnonymousDonor

Well, what did anonymity buy the poster? Certainly no one would be retributive regarding a posting like that, so there's no real reason to be anonymous. In fact, the only time I've ever seen a need for anonymity is in an environment of RecordKeepers.

I'm not against anonymity when it serves to protect people. Indeed, once I get around to writing some ideas re: ViewPoint, you'll see that anonymity (and/or pseudonymity) will play a role. However, on a Wiki where everyone is supposed to be working together and not fighting each other, it's just pointless.

In the case you present, I submit the donor would have been content just to post without signing anything and not worry about his/her domain on RecentChanges. That's humble enough. Indeed, no one will consider that being in the spotlight.

In fact, there is no reason why they cannot post without signing entries and still leave their domains on RecentChanges. It hurts no one and works pretty well. Here PeerReview isn't of the person, but of the content, so people will just ignore the domain. -- SunirShah

I don't know. I guess I am still uneasy with this. You mention anonymity is OK if there is a reason. (Prove need before allowing "priviledge" of anonymity.) I would rather see it as allow anonymity unless it leads to problems not correctible by the community. I would rather give those who prefer to contribute anonymously that option. There are a few bad apples that would attempt to abuse the priviledge, but on WardsWiki, the community does a pretty effective job of shutting down abuses. I rather like allowing people to contribute in a way they find confortable, even if it is not perceived as comfortable or necessary for others. In any case, I don't see further exchanges between us adding much on this topic. Does anyone else have any thought on this? -- AnonymousDonor

I don't believe any of the minus points produce genuine damaging effects. It all seems pretty minor compared to the impact of signatures on the pages themselves. -- DaveHarris

CategoryIdentity

Edit this page | History