On 11 March 2015 at 05:23, Gergo Tisza gtisza@wikimedia.org wrote:
On Tue, Mar 10, 2015 at 5:40 PM, Chris Steipp csteipp@wikimedia.org wrote:
I'm actually envisioning that the user would edit through the third
party's
proxy (via OAuth, linked to the new, "Special Account"), so no special permissions are needed by the "Special Account", and a standard block on that username can prevent them from editing. Additionally, revoking the OAuth token of the proxy itself would stop all editing by this process,
so
there's a quick way to "pull the plug" if it looks like the edits are predominantly unproductive.
I'm probably missing the point here but how is this better than a plain edit proxy, available as a Tor hidden service, which a 3rd party can set up at any time without the need to coordinate with us (apart from getting an OAuth key)? Since the user connects to them via Tor, they would not learn any private information; they could be authorized to edit via normal OAuth web flow (that is not blocked from a Tor IP); the edit would seemingly come from the IP address of the proxy so it would not be subject to Tor blocking. _______________________________________________
Those kinds of services are probably already range blocked or are likely to be range blocked, because they're one of the main vectors through which we get spam particularly, and abusive harassment-type vandalism secondarily. The user would still need IPBE or similar permissions to edit through that service.
Risker/Anne