AccountlessUserIdentification is related to IpEditing. The relation is, that AccountlessUserIdentification relies on and required IP-editing, and a system that supports accounts may also support IP-editing. Example: WikiIndex supports both, encourages RealName''''''s for accounts and protects only few hight-importance pages from IP-editing. * Wards Wiki does not support accounts in general and reserves very few pages for editing by the admin(s). * A system that would allow accountless user identification to the max would be so vulnerable, that EveryIdiot on the net could behave like SuperUser on dope and delete the whole system. ---- A solution to the required login for EditsRequireKarma and WikiNeedsTrustMetrics. I don't think that a login or account is required to make trust metrics work. A three-level procedure for assigning trust to parties would accommodate passers-by and temporary users as well as regulars: * One-time visitors would be identified by their IP address, which wouldn't even require cookies. * If cookies are enabled, a unique cookie ID would suffice to identify a person further. This is enough to handle temporary users and may suffice for many regulars who don't hop browsers and/or pcs. If a cookie is created, it is granted the karma of the current IP, allowing smooth transition. * If a regular user does want to hop browsers or conserve his karma to prevent cookie-timeout or loss, he can create a real account. In this case, the karma is transferred from cookie to account. In each case, the server keeps track of how much trust/karma is awarded each party. Of course, passers-by are grouped by IP and IPs may change, but this behaviour is acceptable for a one-time visitor. -- GunnarZarncke Counterpoints: * If only IP addresses are used, it would be easy to abuse by people with dialup, or with some other way to change addresses. ** This depends on the TrustMetric or karma granted to previously unused IP addresses. * If cookies are used, it would be easy to abuse also. A vandal or spammer can just change his cookie so that it identifies him as some prominent author. ** Hijacking is not that easy. Unlike the cookies used today, these cookies would just contain a random number. The hijacker would have to guess the prominent author's number. ''PersonalWatchListImplementation has a section along these same lines, but argues for a cookies-only approach.'' Thanks, I didn't know that page. I think, I will refactor that to refer to this page. ''I don't think the system proposed on this page is superior. This page uses IP addresses, cookies, and user accounts to accomplish the same thing as PersonalWatchListImplementation achieves with just cookies.'' It ''is'' superior in its simplicity, yes. But what do you do if the visitor has disabled cookies? May he edit nothing? And the proposed solution for transferring the cookie is also sub-optimal being only for experienced cookie-users. But I won't dispute that one might improve them enough to avoid accounts altogether. -- .gz ''In PersonalWatchList, it's not a big deal if the user has cookies disabled - he can still edit pages, just not update his watch list.'' Of course. ''If I may interject, it is well known that some users post from the same IP address. And other users post from two IP addresses. The solution will work only for users who are willing to cooperate, which is SoftSecurity, which will not do much to alleviate the problems with SoftSecurity failures.'' There is some value in trying to accommodate people who have cookies disabled, but I don't think we should be bending over backwards for them. Anyone who has cookies normally disabled is well aware of the limitations they are placing on themself. If a cookie is lost in PersonalWatchList, the user is inconvenienced due to his own choice, but the system is not compromised. In EditsRequireKarma, it's not clear if the system would be compromised. Suppose I "log in" with a cookie, do something bad that will lower my karma, and then delete my cookies and rinse and repeat. The only way to stop that is to have something stronger than cookies, or start new accounts with such a small amount of karma that they can't even post. But then there would need to be a way for them to grow karma without posting. * One should always be clear about that there is no totally accountless system. There is always a SuperUser who sets up the system and configures it. the so called accountless system just erases the hierarchy between IP-editor and common user account. --ManorainjanHolzapfel ---- See also: * EditsRequireKarma * WikiNeedsTrustMetrics ---- CategoryWikiConcept