User:ST47/Having a dynamic IP address is not sockpuppetry

This is an essay. It contains the advice or opinions of one or more Wikipedia contributors. This page is not an encyclopedia article, nor is it one of Wikipedia's policies or guidelines, as it has not been thoroughly vetted by the community. Some essays represent widespread norms; others only represent minority viewpoints.

Occasionally, a report will be made to AN, AN/I, AIV, or SPI reporting that several IP addresses, which start with some of the same numbers, seem to be operated by the same person. Such reports invariably cite WP:SOCK in calling for the IP addresses to be blocked. However, in most cases, this is not a violation of sockpuppetry policy.

Static and dynamic IP addresses

Some IP addresses are static, meaning that the same internet connection will always have the same IP address. This is often used for businesses, as servers should generally have static IP addresses so that web browsers, email clients, etc. know where to find them. However, most residential and mobile customers have a dynamic IP address, meaning that the IP address for a certain internet connection can change. For residential connections, power cycling or replacing the modem can cause the ISP to assign a new IP address. However, it's also possible for the ISP to remember what address was previously assigned, and return the same IP back to the customer. Different ISPs and regions can handle this differently - for example, my home internet connection generally keeps the same IP address even through power outages, and it only changes once a year, at most. On the other hand, I know many people whose IP changes regularly without their computer or modem ever rebooting.

Mobile ISPs are a little bit different. Mobile devices can move between different towers and even between different carrier's networks, and as these connections are broken and remade, new IP addresses tend to be assigned much more frequently. This applies to phones as well as tables and mobile hotspots. What's more, most users will have no indication whatsoever that this is even happening.

Key point: The IP address that an anonymous user is editing from can change without that user's intention or knowledge.

Effects of IPv6

IPv6 is an update to IPv4. IPv4 used 32 bits for addresses, which looked like this: 192.168.1.1. Each of the four numbers is in the range of 0 to 255, so 4 numbers, 8 bits each, gives us addresses 32 bits long. IPv6 addresses use eight hexadecimal sections, each 4 characters long, like 2804:0431:CFDC:DE58:9CF2:F081:37A6:6572. Each digit is 4 bits, so each four-digit block is 16 bits, and the whole address takes up 128. Because of the larger address space, residential and commercial ISPs assign an entire range of IPs to a given customer, not just a single address. Typically, this is a /64, meaning that the first 64 bits of the address are set by the ISP, and the remaining bits are available to the customer (typically assigned automatically and randomly). 64 bits is 16 characters, or 4 of the four-digit blocks. So, the range corresponding to the IP address above is 2804:0431:CFDC:DE58:0000:0000:0000:0000/64. We simplify this as 2804:431:CFDC:DE58::/64. Any address starting with 2804:431:CFDC:DE58: is part of the range, and should be assumed to be the same customer.

You can type these ranges into Special:Contributions to view all edits from the range, just as you could with an individual address or user account.

Key point: For all intents and purposes, an IPv6 /64 should be treated as a single customer assignment, except for mobile ISPs.

Why it isn't sockpuppetry

So, we know that all dynamic IP addresses, including residential and mobile ISPs, can change without the user even being aware of a change happening. We know that this is especially true for mobile or IPv6 IP addresses. So, how can we apply this? Imagine that you notice IP addresses making a bunch of edits you disagree with, across a number of different pages on your watchlist. For example, let's say that they are updating articles with material that seems plausible (it isn't obvious vandalism), but they aren't citing a source. The IP addresses are all different, but they start with the same few characters. They're making the same type of edits, around the same time, to similar articles - they're obviously all the same person. Sockpuppet, right? Not necessarily.

From a purely logical standpoint, let's look at what this person is doing. They aren't familiar with Wikipedia policy or markup, so they don't realize that they're violating WP:V and WP:RS with each of their edits. They also don't know that their address is changing all the time, meaning that they never see the messages that we leave on their talk page. From this person's perspective, they aren't doing anything wrong. Their edits are not providing reliable sources, but they haven't received any message asking for them. They aren't making any effort to move between IP addresses to evade a block or escape scrutiny, either, it's just how their internet connection works.

From a policy standpoint, WP:SOCK states that it is improper to use multiple accounts to deceive or mislead other editors, disrupt discussions, distort consensus, avoid sanctions, evade blocks, or otherwise violate community standards and policies. They aren't clearly doing any of those things - their use of multiple IP addresses may be confusing, but it does not violate WP:SOCK unless the user is doing it to deceive or mislead - this person doesn't even know that they're doing it. It is often impossible for a person in this situation to avoid their IP address changing, even if they are aware that it is doing so. The only solution would be to require the user to create an account, which WMF policy does not support.

Key point: Moving between different IP addresses is not automatically a violation of WP:SOCK. It's just how the internet works.

We do have tools to address these issues. If you disagree with their edits, revert them with an explanation in your edit summary. Open a thread on the article talk page about the issue, and mention it in your article page edit summaries, to make sure the other editor is aware of it. If a user is persistently edit warring without discussion, and especially if they violate WP:3RR or are edit warring over a large number of articles, then bring the case to WP:ANEW. If a user is making problematic edits and is not responding to any attempts to reach them, you can report them to WP:ANI to request that the entire range be blocked with a block message explaining the problem, and asking the user to make an unblock request to discuss it further.

Of course, simple vandalism should be reported to WP:AIV - and if you report an IPv6 address to AIV, the template will automatically provide a link to the /64 range, to encourage the responding admin to consider a rangeblock per WP:/64. Don't report simple vandalism to WP:SPI or the Administrator's Noticeboards unless it is an especially complicated case - you'll usually get a faster response from AIV.

Sometimes they should be blocked anyway

What would this page be without a long list of exceptions? A user who is moving between multiple IP addresses can be violating WP:SOCK, that violation just isn't an automatic conclusion upon seeing someone making similar edits from multiple different IP addresses.

• Editing from open proxies, VPNs, colocation web hosts, or cloud service providers is not permitted. A user who actively uses those techniques (rather than passively using a dynamic IP) to evade blocks or escape scrutiny is violating WP:SOCK, and in any case, the open proxies or service provider IPs should be blocked. You can report proxy IPs to Wikipedia:WikiProject on open proxies/Requests, to WP:AIV if they are actively vandalizing, or to WP:SPI.
• Using public wi-fi hotspots is another way to change IPs. Use of public wi-fi isn't prohibited like open proxies are, but if a user appears to be using public wi-fi hotspots to evade blocks or escape scrutiny, you can report it to WP:SPI. The IP address's WHOIS information may be helpful to tell whether an IP is a public wi-fi or not. For example, this is the public wi-fi at a Home Depot, and this is a public library.
• If one of their IP addresses is blocked, then future edits during the duration of that block constitute block evasion. You can report this to WP:AIV for the fastest response, or perhaps to WP:ANI or WP:SPI. Make sure to link to the contributions page of the address that already is blocked, and to examples of that block being evaded by the other IPs.
  • In this case, WP:EVADE allows you to revert any edits made by alternate IP addresses in violation of the original block. Note that this is not retroactive - there is no special permission to revert edits that were made while no block was in place. However, if IP address 1 is blocked, and then IP address 2 starts making the same edits, you should report IP address 2 to WP:AIV for block evasion, and you may revert any edits made by IP address 2 while IP address 1 was blocked.
  • If you intend to claim the WP:3RR exemption for those reverts, make sure to note in your edit summary that you are reverting edits made by a sockpuppet of a blocked user. Otherwise, it may appear to an admin that you have violated 3RR.
• Since policies apply to individuals, not IP addresses, a user who uses four different IP addresses to make four reverts to the same article within a 24 hour period has violated WP:3RR, even if they weren't intentionally changing IPs to evade scrutiny. Report the range to WP:ANEW.