On 4 January 2013 20:44, bawolff bawolff+wn@gmail.com wrote:
On Fri, Jan 4, 2013 at 9:53 AM, Tyler Romeo tylerromeo@gmail.com wrote: [..]
As far as a solution goes, I have a complete codebase for Extension:TokenAuth, which allows users to have MediaWiki sign a blinded token, which can then be used to bypass a specific IP block in order to
log
in and edit. It is almost ready; there are just a few functionality problems with the JavaScript crypto library.
That sounds really cool. However I'm not sure how it solves the problem. If we allow people to get tokens signed that lets them bypass the TOR blocks, we may as well just not hand out tor blocks in the first place (if everyone can get a blinded token), or hand out the overrides via IP block exempt group (If we limit who can get such tokens).
Bawolff has it right, pretty much. For legitimate users, an IPBE can be handed out. We have very limited human resources on the projects themselves to address the issuing of tokens and IPBEs now.
For me, this is largely a philosophical argument; yes, it would be in keeping with the "everyone can edit" ethic to enable Tor editing. For a very small number of WMF projects, it might attract a greater number of editors; if the project itself wants to consider Tor editing appropriate, it would be nice to find a way to exempt that project from the general prohibition. On the other hand, for the vast majority of projects, it would attract more problems and/or require excess attention from the limited number of volunteers (ie, checkusers) who are qualified to determine if an IPBE or "Tor token" is appropriate for a specific user. On some projects, almost every single editor who has ever been found to use [not yet blocked] Tor IPs was identified as such because of a legitimate concern about that editor's behaviour.
Risker/Anne