On Thu, Dec 27, 2012 at 7:26 PM, Sumana Harihareswara sumanah@wikimedia.org wrote:
- Look at Nymble - http://freehaven.net/anonbib/#oakland11-formalizing and http://cgi.soic.indiana.edu/~kapadia/nymble/overview.php. It would allow Wikimedia to distance itself from knowing people's identities, but still allow admins to revoke permissions if people acted up. The user shows a real identity, gets a token, and exchanges that token over Tor for an account. If the user abuses the site, Wikimedia site admins can blacklist the user without ever being able to learn who they were or what other edits they did. More: https://cs.uwaterloo.ca/~iang/ Ian Goldberg's, Nick Hopper's, and Apu Kapadia's groups are all working on Nymble or its derivatives. It's not ready for production yet, I bet, but if someone wanted a Big Project....
A few things strike me there:
1: Is there one central PM and NM, or can there be multiple competing PM and NM providers? If the latter, there's no indication of how easy it is to set up a PM or NM. If the vandal can set up their own PM or NM, they can easily pretend to be an entirely new person for each edit, rendering the whole thing pointless.
2: It looks like Nymble allows us to block the person, but only for a short period of time (less than one day by default) at the discretion of the NM, since the "linking token" only works within one "linkability window".
3: The inability to see what other edits the user did before being blocked may also be a sticking point, as one of the first things many do when reverting vandalism is to check Special:Contributions to see if the user vandalized anything else at the same time.
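The "linkability window" behaviour raised in points 2 and 3, as a simplified hash-chain model. This is an added illustration, not code from the Nymble project or from anyone in this thread. The key, pseudonym, window labels and function names are constructed, and real Nymble's encrypted tickets and MACs are left out.

```python
import hashlib
import hmac

def _h(label: bytes, data: bytes) -> bytes:
    return hashlib.sha256(label + b"|" + data).digest()

def window_seed(nm_key, pseudonym, window):
    # Only the holder of nm_key (the NM in this model) can derive the first
    # seed, and the window label is mixed in, so each window starts a new chain.
    return hmac.new(nm_key, pseudonym + b"|" + window, hashlib.sha256).digest()

def evolve(seed, steps=1):
    # One-way step f: a later seed follows from an earlier one, never the reverse.
    for _ in range(steps):
        seed = _h(b"f", seed)
    return seed

def nymble(seed):
    # Value g(seed) the user presents in one time period.
    return _h(b"g", seed)

def user_nymbles(nm_key, pseudonym, window, periods):
    seed, out = window_seed(nm_key, pseudonym, window), []
    for _ in range(periods):
        out.append(nymble(seed))
        seed = evolve(seed)
    return out

def linking_token(nm_key, pseudonym, window, from_period):
    # What the NM releases after a complaint: the seed for from_period.
    return evolve(window_seed(nm_key, pseudonym, window), from_period)

def linkable_periods(token, from_period, presented):
    # Server side: walk the chain forward and report which presented nymbles match.
    derived, seed = set(), token
    for _ in range(from_period, len(presented)):
        derived.add(nymble(seed))
        seed = evolve(seed)
    return [t for t, n in enumerate(presented) if n in derived]

def demo():
    key, pnym = b"constructed-nm-key", b"constructed-pseudonym"
    day1 = user_nymbles(key, pnym, b"2012-12-27", 6)
    day2 = user_nymbles(key, pnym, b"2012-12-28", 6)
    token = linking_token(key, pnym, b"2012-12-27", 3)
    return linkable_periods(token, 3, day1), linkable_periods(token, 3, day2)

if __name__ == "__main__":
    print(demo())  # ([3, 4, 5], [])
```

In this model the token matches only periods 3 to 5 of the window it was issued for: the earlier periods of that window and every period of the next window stay unlinkable.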