The IP that edited my talk page yields the following reverse DNS information:
- 68-171-231-18.rdns.blackberry.net – Research In Motion Limited – Waterloo, ON
A few hours earlier a message was left on Hipocrite’s talk page. The IP that left that message yields the following reverse DNS information:
- 206-53-147-166.rdns.blackberry.net – Research In Motion Limited, Waterloo, ON
A coincidence? I doubt it. These were the same person, identity unknown. These do not appear to be open proxies as far as I can tell. Nothing in the reverse DNS names would indicate a TOR exit node, but then again there is no requirement that TOR exit nodes self-identify as such.
So, on the one hand it is entirely possible that these edits were made by someone who simply has access to the Research in Motion Limited network.
On the other hand I have already pointed out the stupid and clumsy way TOR exit nodes have been used recently (i.e. by using nodes that self identify as being TOR nodes in their reverse DNS data), so it is by no means surprising that the person who had made that error would now be more careful in the selection of which nodes to edit from.
Notice that the nodes we are examining today, like the TOR nodes identified earlier, all geolocate to Ontario, Canada. This is reasonably good evidence that while these nodes don’t self-identify as being TOR nodes they may still be part of a TOR network that is being hosted in Ontario, Canada.
Someone is likely using a TOR network and for whatever reason they are selecting nodes which originate from Ontario, Canada. This by no means suggests that the individual or individuals in question actually reside or have any real affiliation with Ontario, they could be anywhere in the world.
Personally I find Hipocrite’s response to the message left on his talk page to be quite enlightening under the current circumstances, but YMMV. I’m suspecting a rather transparent attempt at obfuscation. Remember, this was left by an IP that is likely a TOR exit and the same person that left the message on my user page a few hours later.
Note to you check users out there: Any existing Wikipedia accounts which have been using IPs that directly or indirectly suggest they are part of a TOR network being hosted in Ontario, Canada are prime candidates for being the perpetrators behind these IP socks.
Special thanks goes out to ChrisO for looking after my talk page in this case.