On Tue, Mar 10, 2015 at 10:39 AM, Risker risker.wp@gmail.com wrote:
A few questions on this:
- So, this would result in the creation of a new account, correct? If
so, most of the security is lost by the enwiki policy of requiring linking to one's other accounts, and if the user edited in the same topic area as their other account, they're likely to be blocked for socking. (This is a social limitation on the idea, not a technical one.)
Registering a pseudonym through this process implies that you are an existing editor (we could even limit the process to only one pseudonym per existing account, so you know there's a 1-1 mapping), just not linking to which one you are. Do you think enwiki be open to considering that?
- Why would we permit more than one account?
I was originally thinking that if something happened (forgotten password, etc.), you could start over. But not a hard requirement.
- It's not usually experienced editors who seem to have an issue on
English projects; most of the huffing and puffing about Tor seems to come from people who are not currently registered/experienced editors, so the primary "market" is a group of people who wouldn't meet the proposed criteria.
There may not be enough intersection between users who we have some trust in and those who want to edit via Tor. I'm hopeful that we can define "established" to be some group that is large enough that it will include productive editors who also should use Tor, but small enough to preclude spammers. I'm assuming if we start with some guideline, then we can adjust up (if there's too much spam) or down (if there aren't enough users) depending on the results.
- On reading this over carefully, it sounds as though you're proposing
what is essentially a highly technical IPBE process in which there is even less control than the project has now, particularly in the ability to address socking and POV/COI editing. Am I missing something?
In a way it is, but there are couple advantages over IPBE as I see it: * Neither the WMF nor checkusers can correlate the identities, whereas with IPBE, it's possible that a checkuser can still see the IP that created the account requesting the IPBE. This is less control, but also less risk if the wmf/checkuser is coerced into revealing that information. * Hopefully it will be a less manual process, since the only manual (which could be automated if the right heuristics were found) step is confirming that the requesting user is "established". There's no further rights that have to be granted and maintained.
It also give slightly more control in that: * We're not giving out the IPBE right * The whole system can be blocked (hopefully temporarily) with a single block or revoking the OAuth key, if there is ever a sudden flood of spam
Admittedly, we could do all of this (except making the identities unlinkable) by having an edit-via-tor right that is different from IPBE, but the unlikability I think is important for our users.
Risker/Anne
On 10 March 2015 at 13:16, Giuseppe Lavagetto glavagetto@wikimedia.org wrote:
Hi Chris,
I like the idea in general, in particular the fact that only "established" editors can ask for the tokens. What I don't get is why this proxy should be run by someone that is not the WMF, given - I guess - it would be exposed as a TOR hidden service, which will mask effectively the user IP from us, and will secure his communication from snooping by exit node managers, and so on.
I guess the righteously traffic on such a proxy would be so low (as getting a token is /not/ going to be automated/immediate even for logged in users) that it could work without using up a lot of resources.
Cheers,
Giuseppe
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l