On Mon, Dec 30, 2013 at 7:34 PM, Chris Steipp csteipp@wikimedia.org wrote:
I was talking with Tom Lowenthal, who is a tor developer. He was trying to convince Tilman and I that IP's were just a form of collateral that we implicitly hold for anonymous editors. If they edit badly, we take away the right of that IP to edit, so they have to expend some effort to get a new one. Tor makes that impossible for us, so one of his ideas is that we shift to some other form of collateral-- an email address, mobile phone number, etc. Tilman wasn't convinced, but I think I'm mostly there.
This is a viable idea. Email addresses are a viable option considering they take just as much (if not a little bit more) effort to change over as IP addresses. We can take it even a step further and only allow email addresses from specific domains, i.e., we can restrict providers of so-called "throwaway emails". Probably won't accomplish too much, but in the end it's all just a means of making it more difficult for vandals. It will never be impossible.
We probably don't want to do that work in MediaWiki, but with OAuth, anyone can write an editing proxy that allows connections from Tor, ideally negotiates some kind of collateral (proof of work, bitcoin, whatever), and edits on behalf of the tor user. Individuals can still be held accountable (either blocked on wiki, or you can block them in your app), or if your app lets too many vandals in, we'll revoke your entire OAuth consumer key.
It is definitely outside of core scope, but is it within OAuth scope? If anything I think it would be some sort of separate extension that relies on OAuth, but is not actually part of OAuth itself.
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science