Wikivoyage talk:IP block exemption

IP block exemptions
According to IP block exempt, administrators get this right, making it redundant in administrators. At least two users, including User:AndreCarrotflower, have administrator rights already and therefore do not need the IP block exemption. --Comment by Selfie City  ( talk  |  contributions ) 15:14, 23 July 2019 (UTC)


 * You can always see the sub-rights for this wiki specifically (different wikis can have different configurations) at Special:ListGroupRights.
 * My impression is that having "redundant" rights isn't really important. WhatamIdoing (talk) 17:36, 23 July 2019 (UTC)
 * Redundant rights are usually immaterial and sometimes helpful. Say Andre resigns his administratorship. Now the bureaucrat who flips off the admin bit doesn't need to remember that Andre also needs an IP block exemption. Powers (talk) 13:20, 24 July 2019 (UTC)


 * (AndreCarrotflower is a bureaucrat.) Probably right. --Comment by Selfie City  ( talk  |  contributions ) 15:42, 24 July 2019 (UTC)

Apple's iOS 15 IP hiding tool
Finally got around to reading this week's tech news, and: "iOS 15 has a new function called Private Relay (Apple website). This can hide the user's IP when they use Safari browser. This is like using a VPN in that we see another IP address instead. It is opt-in and only for those who pay extra for iCloud. It will come to Safari users on OSX later. There is a technical discussion about what this means for the Wikimedia wikis."

There's a full discussion at T289795, but in short, this tool will essentially, with this tool, instead of using your own IP address, where instead of the actual IP address used, it will instead be an IP used on Apple's servers.

Given this, I'm presuming we're going to have to treat Apple IPs similar to how we treat VPNs and Open Proxies, and block them, and give users who have a genuine need to use this IP hiding tool IPBE just like VPNs.

There is already a discussion on the English Wikipedia and the Phricator about this. No harm in planning on what we should do about this, but it would be good to start to plan on our open proxies policy. SHB2000 (talk | contribs | meta.wikimedia) 13:11, 2 October 2021 (UTC)


 * Is Apple providing privacy or is this a Trojan horse allowing Apple to spy on premium customers? Anyway, if we block the IP addresses concerned, we will be blocking those who use iCloud+ and Safari, the default browser on Apple smartphones. The WMF techs assume about 30% of Safari users will be affected, if trying to edit without logging in. Percentage of Safari edits among the anonymous edits vary from 0 to 50% between languages (on Wikipedia).


 * People won't know the consequences of enabling the service, so many will do it out of pure naïvety, and won't be able to disable it for editing Wikivoyage. At the moment, there is no specific message, so they won't know they are blocked because of iCloud+. The block affects also logged-in editors, as proxies are usually blocked with such settings.


 * –̃LPfi (talk)


 * Judging from LPfi's comment, it sounds like we shouldn't do those blocks. This explains why some of the recent IP range blocks have affected me only on Windows devices. --Comment by Selfie City  ( talk  |  contributions ) 15:51, 2 October 2021 (UTC)
 * I think proxy blocking is done centrally. The WMF technical folks are thinking hard about how this could be handled. –LPfi (talk) 16:03, 2 October 2021 (UTC)
 * Oh, okay. Good to know they're aware of things such as this. --Comment by Selfie City  ( talk  |  contributions ) 16:13, 2 October 2021 (UTC)
 * @Jon Kolbert put global blocks on (nearly?) all of these IP addresses at the end of August. People hit by these blocks are not able to create an account, which will cost us some new registered editors in addition to good-faith edits.  The linked FAQ page at m:WikiProject on open proxies/Help:blocked provides no advice to existing registered editors affected by this.  In this particular situation, your options are:
 * Turn off Apple's privacy features (seems like a bad idea, and against the movement's values?)
 * Switch to another web browser (I hear that others are planning to do similar things in the next year or so, though, so this isn't a long-term solution)
 * Request the "IPBE" userright at m:Global permissions#Requests for global IP block exemption
 * If you use Safari regularly (especially if you know that you/your network is a paying iCloud+ subscriber), it might not be a bad idea to request IPBE now. This is currently affecting some mobile editors, and it will start affecting some desktop users in a couple of weeks.
 * I'm not entirely sure that these should have been blocked. They're not really open proxies ("a proxy that anyone can use freely" – when you have to pay for the service, it's a closed proxy, not an open one).  I suspect that this was blocked because it's like a large VPN. WhatamIdoing (talk) 16:23, 2 October 2021 (UTC)
 * There's a couple of other stewards who've been putting g blocks on these IP addresses as well, but yeah, mostly Jon Kolbert. SHB2000 (talk | contribs | meta.wikimedia) 23:20, 2 October 2021 (UTC)
 * @LPFi, if it's a regular VPN and not some deeper hack inside Safari, they can't spy too much - since most of the traffic nowadays is encrypted by https. They will just see you are going to wv, YouTube or whatever, but not any details.... -- andree 05:47, 3 October 2021 (UTC)
 * It is not a regular VPN, but anyway, seeing where you go tells plenty, if you go to places like greenpeace.org, whiteforce.example, havingakid.example or findajob.example. –LPfi (talk) 08:03, 3 October 2021 (UTC)