I think privacy security flaw in isketch. Because all players can learning easily another player ip address with /IP command. Personal information, including someone's exact location, can be gathered from someone's IP address. This increases vulnerability to various security and privacy risks such as hacking and nuking.

IP command must removed. When this removed, another problems will be come. Example it is hard to following in game.

My suggestion : Maybe game system generate (from ip) another number instead. Isketch does not include originating ip whatever the consequences.

I thought you could only get a location from the IP address. I didn't think it would be as extensive as getting other information. I highly doubt iSketch will pass on our personal information if they did have access to it.
Plus, it also helps with their blocking and banning, as it can be pinpointed to one location.

Yes I think there is a potential privacy problem with the public availability of players' IP addresses on iSketch, even though it is useful in policing the site. Generating a different identification number is one solution, or enforcing registrations so you would only need to report a player's username if they were being troublesome. But hmmmm.... registrations.... :eek:

Registrations have always been a dodgy subject to talk about.
Why not ask feedback (info@isketch.net) for a response?
Ultimately, they are the ones who decide this sort of thing.

I didn't think it would be as extensive as getting other information. I highly doubt iSketch will pass on our personal information if they did have access to it.
Plus, it also helps with their blocking and banning, as it can be pinpointed to one location.

He means that he doesn't think it's good for players to know other players IPs.

He means that he doesn't think it's good for players to know other players IPs.

Ah, well in that case then I would agree with your suggestion eXy on encoding IP addresses for players, whereas admins will still have this information and be able to decode it.

I'm pretty sure that anyone wanting to do any harm using an IP could manage to decode any number that is issued based on an IP. Especially since you can find out your own ip and your own 'code' - and could experiment with other IPs too.

There's no point changing it to something else, if they are going to get rid of it they should just make the ip command an admin-exclusive command.

Surely, Real ips helps with their blocking and banning. But only iSketch must know this. All systems know our informations already. I dont have privacy policy problem with owner or admins of iSketch.

I want to saying players know and use generated number. Ex: a player has ip 69.89.27.227 and system generate 616.JJK.123 When you sometimes run into some rude players, you follow with this.

...they should just make the ip command an admin-exclusive command.

Without the IP facility if there was any trouble amongst iSketch players, the perpetrator won't be found as easily as using an IP. An admin member would have to be there to witness any rule-breaking or unacceptable behaviour.

I'm pretty sure that anyone wanting to do any harm using an IP could manage to decode any number that is issued based on an IP.

Yes, I agree. Maybe this new IP encoding could be based on something else?

This is a difficult discussion but I think you should still ask feedback (info@isketch.net) for their response, eXy.

iSketch is no different, to any other website, in that the IP information of where a web user is coming from is readily available to the web site owner.

iSketch is different in that it allows other web users to see other web users IP's.

But an IP doesn't give away your exact location, it gives away, at most, the Country and ISP's Location from which the IP has been assigned from.

So a Unique (nonDynamic) IP, would function in exactly the same way as a Unique registration... ie it would help identify 'you' as 'you', so there is no particular safety increase, as an IP doesn't give anymore information out about yourself.

Your IP is freely given out whenever you use the Web, it's on all the emails you send for example...

Far more damaging to your privacy is what you type anywhere on the web, which isn't protected from search engines (Google etc)... eg anything on this website, social websites (Facebook/MySpace) etc - any website where you haven't set or can't set your own privacy settings.

So basically, always be cautious and know whether what your typing is going to be 'searchable' on the internet...

Without the IP facility if there was any trouble amongst iSketch players, the perpetrator won't be found as easily as using an IP. An admin member would have to be there to witness any rule-breaking or unacceptable behaviour.

I already think it's stupid that people view screenshots with IPs as 100% correct - because as discussed in another thread, they're the easiest thing in the world to fake anyway.

Trouble among players is dealt with in most cases perfectly well with the voting system - nobody needs to send an email to feedback saying "Mr_Player with ip address ........ did this naughty thing, here is a picture of it".

In the vast majority of cases, players do not need the ip command to achieve anything.

It's a problem, but what can we do? It's not like Rob's going to change anything because we said so.

EDIT: besides, although screenshots are not perfect, they're still useful to feedback as a reference to look at a certain player for potential problems. I mean, it's not like isketch gets a report of abuse and immediately and blindly just bans people, that's not the way it works.

Where iSketch differs from other sites which take your IP is that obviously, it's available to non-administrators and no, that function is not always used in the best way. People can use it to follow you around, or find you when you're just trying to have a quiet game. It does take a bit of effort though and I can't help but think it's something most PITAs wouldn't be bothered with. However, it probably still remains the best way to track a trouble-maker.

Screen caps with attached IPs are still useful to feedback though, it's up to them to judge if the thing you're telling them about needs action. Most people banned from iSketch are persistent rule-breakers anyway and the admin are aware of them. A screen shot from you might support what an admin already has gathered, so don't stop sending them in.

iSketch is primarily self-policed. That's why we can see the IPs, vote to kick etc... I'm happy to have my IP shown on iSketch if it means I can see others' IPs in case of rule violation or other misconduct.

Yes, there are those who will abuse this function, but a few numpties shouldn't take away the ability of players to report actions by others which concern them.

I do think that the log on screen should make players aware that their IP can be viewed by others though. Without this, iSketch gives away information without making the user aware of it which is a little irresponsible.

Interesting discussion.

I don't think there is any issue with players knowing your IP and it certainly doesn't affect someone's privacy anymore than, for example, posting on a forum (as JASR clarified). Furthermore, 2.0 has a very valid point here - IP's do help in cases of abuse and determining factual evidence rather than hearsay.

I must admit, before I understood how much information could be gathered from an IP address - I was a little unnerved thinking that my home address could be located etc. I am since more educated and know that this is not the case at all.

The best method of hiding IP's is encrypting/hashing the IP in a way which cannot be reversed, and then have either a log of all IP's that used iSketch and what they encrypted/hashed as, to work out what they are, and/or additionally have a command for Admin's to see a users real IP on iSketch itself (for example make /ip <user> show the real IP and cloaked IP to Admin's, and only show the cloaked IP to users)

I will say that users do feel a lot more comfortable with their IP's hidden.

This is basically the method IRC networks (such as my own IRC network) use, where the users real host and IP are cloaked in a way that prevents reversing the cloaking process. And then IRC operators (like iSketch Admins) can additionally see the real host/ip too)

For example the following is a /whois of an IRC user as an IRC operator (Admin) sees it:
-!- Eboj [~Jobe@CIRC-37DBB308.lan.local]
-!- ircname : Jobe
-!- server : alpha.invictachat.net [Invicta Chat (Alpha)]
-!- hostname : ~Jobe@jobe.lan.local 192.168.1.14
-!- : is connected via SSL
-!- idle : 0 days 0 hours 0 mins 4 secs [signon: Tue Dec 16 16:58:43 2008]
-!- End of WHOIS

And then the following is as a regular user sees it:
-!- Eboj [~Jobe@CIRC-37DBB308.lan.local]
-!- ircname : Jobe
-!- server : *.collectiveirc.net [Yeah Baby!!]
-!- : is connected via SSL
-!- idle : 0 days 0 hours 0 mins 9 secs [signon: Tue Dec 16 17:00:00 2008]
-!- End of WHOIS

So to be honest, if iSketch implemented some form of IP cloaking, I would like to see it as something similar to what a lot of IRC networks do for IP cloaking.

Otherwise, I'm really not all that bothered about my IP being known.

So far i have not been able to tell much more from an IP address other than the country the owner is from and the ISP the IP is from. So, unless we're tracking someone from Sealand (http://en.wikipedia.org/wiki/Principality_of_Sealand), we're not going to get lucky with anyone given that any ISP in any country has thousands if not hundreds of thousands of users. And if lots use dynamic IPs because it's dsl or something else, it's kinda pointless stalking someone that way.

Now the point that a person stalking you on isketch using your IP is very valid, especially if the stalked is a creature of habit, always playing the same rooms with the same people.

Oh forgot to mention, there's too the issue that if the IP tracks to a specific company, a malicious report made to the company about an IP can cause a great deal of damage to the employee(s) found using that IP.

I agree that there is a privacy issue here, but I think that, it should still be displayed, but the first or last octet should be masked. So 192.168.0.1 would be 192.168.0.***

This way we could still fight muppets who keep leaving the room and coming back in as another name to annoy us!

very easy. remove ip, and add membership.

By the word "membership", I guess you mean iSketch registrations.

These registrations have been a topic of much debate. There are both pros and cons for making registrations available to all iSketch users and I feel that this (http://www.isketchforum.net/registrations-using-domain-t2677.html) thread is related, and may be useful for you to read.

Even from lurking I've seen registration is a can of worms.
I think that yes, this is a good idea, but less and less people are using static IPs now so it might not work as well as it would seem in practice.

Even from lurking I've seen registration is a can of worms.
I think that yes, this is a good idea, but less and less people are using static IPs now so it might not work as well as it would seem in practice.

Do you mean can of worms in the debate respect? Or do you think there are negative aspects to registration? If you do, what were you thinking could be the down side?

Registrations arent by your ip number anyways. My registration is for my name only and follows me wherever I go. It's only so no one can use that name. It's basically a waste of time because even if someone registers, they can still go into isketch and use a different name. That's why I like using /ip to see who I'm really talking to/sketching with & for the frequent namechanges and tracking muppets that ZeBadger talks about.
My /ip comes up 3 cities below me so it's not really my address let alone my city. But if you want my 5 flatscreen tvs or all my electronic equipment, the doors always open. Just come in and get them. Nothing is that important. LOL

Personal information, including someone's exact location, can be gathered from someone's IP address.

Lol, only illegally by hacking the ISP. You'd have to seriously offend someone to make them want to obtain your location through some criminal gang that has an amazing hacker or ISP-insider. As JASR rightly pointed out every website you visit can log your I.P. so there's just as much risk browing the web. Another valid point of his is privacy regarding social networking sites. If you can get a few details about a person, i.e. first name, age, town it's often just a matter of using some clever google search string to find out their surname and then looking up their address in the phonebook.

Lol @ Sealand 2.0.

Hello

Unfortunately more serious problems could occur.

Imagine a depraved/perverted* adult, and how it could be so easy for him to look for and to find a prey located in his city or nearby, among the little boys or little girls (or young credulous/unsuspecting* adults too) connected to iSktech.

He just has to be patient enough. And probably less patient if he lives in country smaller than USA. I let you imagine what could happen... This frightens me... for my own children and for those from other parents.

So, I don't know which way the IP problem could be solved, but what I'm sure that it must be solved.
Don't forget that iSketch is a place where adults and children can speak together.

Maybe someone will reply that iSketch isn't the only website concerned... Then well, first, I will reply that I don't know many other sites where you can get so easily a user's IP (in fact I don't know any other one). And second, I will say that it's not because there's fire at your neighbour's that you won't make your best to put out the fire that is burning at your home.

I'm impatient to know your point of view. And more impatient to know that those really serious kind of problems will be avoided.

Berne

*Sorry if I don't use the right terms, I'm not very clever in English language !

For information about the 'unsafe' uses of an IP see previous post (http://www.isketchforum.net/showpost.php?p=154459&postcount=10)

Regarding Kids/Adults on the same site, iSketch IS exactly the same as almost all of the web.

If kid(s) are browsing the internet without knowing what might be out there (ie not everyone is 'good'), and without their families support/guidance/oversight, and also without the knowledge of what to do about it (ie ignore/report)... they really shouldn't be on the internet. :rolleyes:

Adults need to take responsibility for their kids actions/understanding/behaviour/online activity, it is not for a website to do that.

1st lesson on the internet for kids: don't give out, or publish personal information to anyone

I agree with you about parents responsabilities.

But as you said :
iSketch is different in that it allows other web users to see other web users IP's.So iSketch make things easier for bad guys.


But I don't see where is the usefulness of the /IP command available for every user ?

Why couldn't it be disabled ?

I think it's there to help us, if anything. For example, if there was some serious abuse, racism, voting abuse, etc, we could take screenshots and with the IP address (which is important). That way feedback/admins are able to deal with the person. i.e. to block/ban them, if and when necessary.

Not only that, but it's particularly useful when you've been on iSketch and know a lot of regulars and have many friends. "Imposters" lurk around a lot, and therefore, checking the IP quickly to make sure it's your friend before chatting to them, is also handy.

So yeah, there are a few positive reasons for having the /ip command :) I'm definitely more for it than against it, because I've used/needed it in a few positive ways in the past.

Isn't the IP command a bit outdated now anyway? I can still see how it has it's uses and it would have worked better way back at the beginning of 'der internets', when static IPs where the norm but most users have a dynamic IPs now, so it's probably difficult to ban on this basis without banning someone (or everyone) from that IP range. Of course the banning system doesn't quite work that way... but it has done and it has happened. Can't help but think there's an easier way...

/me avoids bringing up the R word again....

Also, I'll repeat again that iSketch should make it clear that your IP address is being shown to other players before you enter the game. That way, you have the choice of displaying your IP or not. With the current system you have no choice unless you're iSketch savvy.

Also, I'll repeat again that iSketch should make it clear that your IP address is being shown to other players before you enter the game. That way, you have the choice of displaying your IP or not. With the current system you have no choice unless you're iSketch savvy.

To be honest, I feel it is not up to iSketch to educate users in some of the finer points of the internet. However out of good will it would be nice to see.

My reasoning being that a lot of websites you can go on have stats counters that produce a log of all IP's which have visited a site, and can then easily be found for that site. TO see examples, just do a google search for your own IP.

To be honest, I feel it is not up to iSketch to educate users in some of the finer points of the internet. However out of good will it would be nice to see.

My reasoning being that a lot of websites you can go on have stats counters that produce a log of all IP's which have visited a site, and can then easily be found for that site. TO see examples, just do a google search for your own IP.

That's true, I hadn't thought of it that way. My IP is dynamic so there will be plenty from my range. However, there's something different about someone who has the capability to get the stat counter code and enter it having my IP and that divvy called 'I_kill_kittens' who merely types IP because his homey told him about it 'lyk'. lol

As somebody with a static IP I would welcome the removal of the /ip command from anybody but Admin, who need access to it. I've had it used to stalk me and doubtless others have suffered the same way.

Whilst it's true statcounters and the like record visiting IP addresses, these are generally only visible to the site owner and not anybody who cares to type /ip even if they're clinically insane. I think, given that children frequent iSketch (and we can't ignore they do, much as we try), that access to such information should be restricted.

Yes, parents have a responsibility to monitor and protect their sprogs online, so do we in much the same way as if we saw a child open to danger in 'real life' we would hopefully not ignore that danger. How many are even aware their IP is visible? There's no warning it will be so anybody, child or not, may be ignorant of the fact until it's too late.

Why do people have to have access to others' IP address anyway? If it's so that we can verify the person is who they say they are then surely the best solution would be, dare I mention the word, registrations? That way Rob could remove this contentious command and we can tell who is who by their nickname. Seems fairly obvious to me :razz:

I think this whole IP issue sort of hinges on the fact that we are allowed to see IPs. If we had never been able to see IPs, no one would be complaining about how it can be abused, or even how useful it is, for that matter. I think being able to see IPs should be seen as a privilege and not a right, and if it's taken away, then I wouldn't complain (too loudly) of what a great feature it was, and how much worse the game has become because I can't access such information anymore.

On the point of tracking stalkers and avoiding people you don't want to play with, well, if the stalker/annoying person/PITA is being passive, it doesn't hurt me, and if I'm worried about what info they might collect about me, then I'd just stick to the general rule of *not* saying anything I don't want everyone to know, in public chat. About sending screenshots to feedback of players abusing votes/being racist, etc, I would just move to a different room/vote to boot/notify an admin if they are on. iSketch is just a game after all (I can't remind myself enough times of this fact), and I shouldn't let such things get to me to the point where it ruins my day. I have enough real life problems without taking on virtual ones as well. And there are always UCR rooms :) which is definitely heaven-sent as far as privacy and ensuring a peaceful game are concerened. As a disclaimer, yes I know some of you have been really affected by stalkers and what not, but to be completely frank, I think those problems can be sorted out/ignored/whatever without bringing IPs/registrations into it.

On the topic of registrations: I don't really think that the removal of the IP command needs to be substituted with registrations either. If it's just about tracking people, then anyone who wanted to abuse the system could do it even when there are registrations so that doesn't really solve the problem in one go. And yes, I know most PITAs aren't very technologically advanced and this would stump them, but the point remains that the worst/more serious ones probably are quite tech-savvy, so this does not eradicate everything. I'm sure if we had had registrations, then they were taken away for some reason, people would have become so dependent on them, they would have been unable to imagine playing iSketch without them.

In summary, I guess it's sometimes a case of not missing what you don't have, so it's almost too bad that IPs were made available to all players in the first place.

/me gets off the soap box

I, personally, would love for the IP command to be removed. I've always felt uncomfortable with it. :sad: