On Mon, Dec 30, 2013 at 7:34 PM, Chris Steipp <cste...@wikimedia.org> wrote:
> I was talking with Tom Lowenthal, who is a tor developer. He was trying to > convince Tilman and I that IP's were just a form of collateral that we > implicitly hold for anonymous editors. If they edit badly, we take away the > right of that IP to edit, so they have to expend some effort to get a new > one. Tor makes that impossible for us, so one of his ideas is that we shift > to some other form of collateral-- an email address, mobile phone number, > etc. Tilman wasn't convinced, but I think I'm mostly there. > This is a viable idea. Email addresses are a viable option considering they take just as much (if not a little bit more) effort to change over as IP addresses. We can take it even a step further and only allow email addresses from specific domains, i.e., we can restrict providers of so-called "throwaway emails". Probably won't accomplish too much, but in the end it's all just a means of making it more difficult for vandals. It will never be impossible. > We probably don't want to do that work in MediaWiki, but with OAuth, anyone > can write an editing proxy that allows connections from Tor, ideally > negotiates some kind of collateral (proof of work, bitcoin, whatever), and > edits on behalf of the tor user. Individuals can still be held accountable > (either blocked on wiki, or you can block them in your app), or if your app > lets too many vandals in, we'll revoke your entire OAuth consumer key. > It is definitely outside of core scope, but is it within OAuth scope? If anything I think it would be some sort of separate extension that relies on OAuth, but is not actually part of OAuth itself. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l