On Thu, Dec 27, 2012 at 7:26 PM, Sumana Harihareswara
<sumanah(a)wikimedia.org> wrote:
3) Look at Nymble -
http://freehaven.net/anonbib/#oakland11-formalizing
and
http://cgi.soic.indiana.edu/~kapadia/nymble/overview.php . It would
allow Wikimedia to distance itself from knowing people's identities, but
still allow admins to revoke permissions if people acted up. The user
shows a real identity, gets a token, and exchanges that token over tor
for an account. If the user abuses the site, Wikimedia site admins can
blacklist the user without ever being able to learn who they were or
what other edits they did. More:
https://cs.uwaterloo.ca/~iang/ Ian
Golberg's, Nick Hopper's, and Apu Kapadia's groups are all working on
Nymble or its derivatives. It's not ready for production yet, I bet,
but if someone wanted a Big Project....
A few things strike me there:
1: Is there one central PM and NM, or can there be multiple competing
PM and NM providers? If the latter, there's no indication of how easy
it is to set up a PM or NM. If the vandal can set up their own PM or
NM, they can easily pretend to be an entirely new person for each
edit, rendering the whole thing pointless.
2: It looks like Nymble allows us to block the person, but only for a
short period of time (less than one day by default) at the discretion
of the NM, since the "linking token" only works within one
"linkability window".
3: The inability to see what other edits the user did before being
blocked may also be a sticking point, as one of the first things many
do when reverting vandalism is to check Special:Contributions to see
if the user vandalized anything else at the same time.