I still believe that Nymble is the way to go here. It is the only solution that successfully allows negotiation of a secure collateral that can still be blacklisted after abuse has occurred.
Although, as mentioned, it is all about the collateral. Making the user provide something that requires work to obtain. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science On Tue, Sep 30, 2014 at 3:40 PM, Risker <[email protected]> wrote: > Okay, so I have to ask. What is this obsession with enabling TOR editing? > > Stewards are having to routinely disable significant IP ranges because of > spamming/vandalism/obvious paid editing/etc through anonymizing proxies, > open proxies, and VPNs - so I'm not really seeing a positive advantage in > enabling an editing vector that would be as useful to block as the old AOL > IPs.[1] If the advocates of enabling TOR were all willing to come play > whack-a-mole - and keep doing it, day in and day out, for years - there > might be something to be said for it. But it would be a terrible waste of > a lot of talent, and I'm pretty sure none of you are all that interested in > devoting your volunteer time that way. > > We know what the "technical" solution would be here: to turn the > on/off switch to "on". Enabling TOR from a technical perspective is > simple. Don't forget, while you're at it, to address the unregistered > editing attribution conundrum that has always been the significant > secondary issue. > > I'd encourage all of you to focus on technical ways to prevent > abusive/inappropriate editing from all types of anonymizing edit platforms, > including VPNs, sites like Anonymouse, etc. TOR is but > one editing vector that is similarly problematic, and it would boggle the > minds of most users to discover that developers are more interested in > enabling another of these vectors rather than thinking about how to prevent > problems from the ones that are currently not systemically shut down. > > Risker/Anne > > > [1] Historical note - back in the day, AOL used to reassign IPs with every > new link accessed through the internet (i.e., new IP every time someone > went to a new Wikipedia page). It was impossible to block AOL vandals. > This resulted in most of the known AOL IP ranges being blocked, since there > was no other way to address the problem. > > > > On 30 September 2014 14:52, Brian Wolff <[email protected]> wrote: > > > On 9/30/14, Derric Atzrott <[email protected]> wrote: > > > Alright, this is a long email, and it acts to basically summarise all > of > > the > > > discussions that have already happened on this topic. I'll be posting > a > > > copy > > > of it to Mediawiki.org as well so that it will be easier to find out > > about > > > what has already been proposed in the future. > > > > > > There is a policy side to this, Meta has the "No open proxies" policy, > > which > > > would need to be changed, but I doubt that such policies will be > changed > > > unless those of us on this list can come up with a good way to allow > Tor > > > users > > > to edit. If we can come up with a way that solves most of the problems > > the > > > community has, then I think there is a good chance that this policy can > > be > > > changed. > > > > > > I'd like to add an idea I've been thinking about to make TOR more > > acceptable. > > > > A big part of the problem is that there are hundreds (thousands?) of > > exit nodes, so if someone is being bad, they just have to wait 5 > > minutes to get a new one, making it very hard to block them. > > > > So what we could do, is map all tor connections to appear (To MW) as > > if they are coming from a few private IP addresses. This way its easy > > to block temporarily (in case of a whole slew of vandalism comes in), > > the political decision on whether to block or not becomes a local > > problem (The best kind of solution to a problem is the type that makes > > it somebody else's problem ;) I would personally hope that admins > > would only give short term block to such an address during waves of > > vandalism, but ultimately it would be up to them. > > > > To be explicit, the potential idea is as follows: > > *User access via tor > > *MediaWiki sees its a tor request > > *Try to do limited browser fingerprinting, to perhaps mitigate the > > affect of an unclued user not using tor browser being bad ruining it > > for everyone. Say take a hash of the user-agent and various accept > > headers, and turn it into a number between 1 and 16. > > *Make MW think the IP is 172.16.0.<number from previous step> > > > > Then all the tor edits are all together, and easy to notice if > > somebody is abusing them, and easy for a local admin to block all at > > once if need be. > > > > This would also make most of the rate limiting apply against all > > people accessing via tor instead of doing rate limiting per exit node, > > which is probably a good thing, and would prevent repetitive abuse, > > people registering 10 billion accounts, etc. If we did this, we may > > also want to make pretty much every action trigger a captcha for those > > addresses (perhaps even if you are logged in from those addresses), > > instead of the current lax captcha triggering (On the bright side, our > > captchas are actually readable by people, unlike say cloudflare's > > (recaptcha) which I can't make heads or tails of). > > > > If there are further concerns about potential abuse, we could tag all > > edits coming from TOR (including if user is logged in) with an edit > > tag of "tor" (Although that might be in violation of privacy policy by > > exposing how a logged in user is accessing the site). > > > > Thoughts? Would this actually make TOR be acceptable to the Wikipedians? > > > > --bawolff > > > > _______________________________________________ > > Wikitech-l mailing list > > [email protected] > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
