On 4 January 2013 20:44, bawolff <bawolff+wn(a)gmail.com> wrote:
On Fri, Jan 4, 2013 at 9:53 AM, Tyler Romeo
<tylerromeo(a)gmail.com> wrote:
[..]
As far as a solution goes, I have a complete
codebase for
Extension:TokenAuth, which allows users to have MediaWiki sign a blinded
token, which can then be used to bypass a specific IP block in order to
log
in and edit. It is almost ready; there are just a
few functionality
problems with the JavaScript crypto library.
That sounds really cool. However I'm not sure how it solves the
problem. If we allow people to get tokens signed that lets them bypass
the TOR blocks, we may as well just not hand out tor blocks in the
first place (if everyone can get a blinded token), or hand out the
overrides via IP block exempt group (If we limit who can get such
tokens).
Bawolff has it right, pretty much. For legitimate users, an IPBE can be
handed out. We have very limited human resources on the projects themselves
to address the issuing of tokens and IPBEs now.
For me, this is largely a philosophical argument; yes, it would be in
keeping with the "everyone can edit" ethic to enable Tor editing. For a
very small number of WMF projects, it might attract a greater number of
editors; if the project itself wants to consider Tor editing appropriate,
it would be nice to find a way to exempt that project from the general
prohibition. On the other hand, for the vast majority of projects, it would
attract more problems and/or require excess attention from the limited
number of volunteers (ie, checkusers) who are qualified to determine if an
IPBE or "Tor token" is appropriate for a specific user. On some projects,
almost every single editor who has ever been found to use [not yet blocked]
Tor IPs was identified as such because of a legitimate concern about that
editor's behaviour.
Risker/Anne