On 01/17/2014 04:26 PM, Erik Moeller wrote:
I understand. Wikimedia's current abuse prevention strategies rely on limits to user privacy being maintained, and any technical solution that attempts to broaden access for Tor users is unlikely to be successful at any significant scale unless this changes, no matter how clever a solution it is.
Not necessarily. Abuse prevention requires, fundamentally, only one thing: being able to tell that edit X has been done by the same person as edit Y with N% probability. That's the fundamental decision done by administrators and checkusers when deciding whether to block a user or source of edits.
User IP and UA is one of the datapoints that is used for that determination (both by checkusers and, indirectly, by administrators via autoblocks or range blocks); but any other method by which that determination can be made would serve just as well.
That we are not currently able to satisfactorily find a method by which we can attribute online actions to an individual without (currently) placing some limits on their privacy does not mean we never will be able to -- or at least that we'll be able to tip the balance towards more privacy than less.
It's a Hard Problem. Businesses tend to fix it by tying online identities to some physical (and finite) token of existence (like a Credit Card); something which we emphatically would never want to do because that vastly /reduces/ privacy. We don't care to know who someone *is*, just whether they are the same one as before.
IMO, efforts should be directed towards that more fundamental goal; everything else will fall into place from there.
-- Marc