Seems like all it would take to solve this dilemma is an encrypted proxy that delivers the decryption code(s) to the WMF developers. So the editor gets privacy from User:JoeSchmoe but Wikipedians with a certain level of permissions could determine the point of origin.
Logging in does exactly that. It hides your IP address from anyone without the checkuser bit.
Something like that would come in very handy for the editors from mainland China, and a couple of smaller countries that firewall access.
That's not a matter of hiding your identity, it's a matter of hiding the identity of the site you are viewing. Anonymous proxies/TOR do both, but they are different things.