On Fri, Sep 27, 2013 at 7:40 PM, Sumana Harihareswara <sumanah@wikimedia.org> wrote:

> From talking to Eleanor Saitta: could we do FlaggedRevs by IP space, and/or by the intersection of IPs and topic space? Basically, let people edit from Tor IPs (and/or whitelist or blacklist categories) as long as those go through a FlaggedRevs-type process? And we could also do FlaggedRevs on specific IP ranges, like blocks that are known to be certain government office buildings.

Unfortunately this would not solve the inherent problem with users editing from Tor. The reason Tor editors are blocked is not just because of vandalism. If that were the case, we'd just block anonymous editors and allow logged in users to edit over Tor.
In other words, cleaning up vandalism from regular users vs. Tor users is the same amount of work: you revert the vandalism and possibly block the user. Like somebody else mentioned, FlaggedRevs is not related to the editors as much as it is to the content. Vandalism still has to be removed regardless of whether the page has FlaggedRevs. The only difference is that other users won't see the vandalism because it will be hidden from them.
The reason Tor users are really blocked is because Tor allows users to hide their actual IP address, which makes it difficult to IP-ban people from editing and creating accounts, which is sometimes done for severe vandals. Vandals can continue to switch IP addresses at will, create new accounts, and continue vandalizing. The only way to avoid this issue is to force users to associate themselves with a "real" IP address before anonymously editing, but that kind of defeats the point of being anonymous in the first place.
Ideas were thrown around of issuing an anonymous token. The idea is that you generate a secret token, perform some crypto on that token to mask and hide it, and then have Wikipedia sign the masked and hidden token. Because of the nature of RSA, you can have Wikipedia sign the hidden token and then later extract a signature for the real token. Then, when you switch to Tor, you give the real signed token back to Wikipedia. This allows the site to know that it previously authenticated the user without being able to link it with the original IP address. Then, you do major rate-limiting, i.e., allowing a given IP address to request a signature once every week or something. Now rather than blocking an IP address, you block the token, and since the user can only get a token once a week, they're yet again limited to using their real IP address.
However, as pointed out, this suffers from a number of issues: 1) a week is a long time, and on a shared IP address it could be impossible to use; 2) it requires a lot of client-side crypto, which has to be done in either JavaScript or a custom client; 3) since the rate-limiting is the equivalent of IP blocks, vandal IP addresses can never be blocked for more than a week, which means the problem isn't truly solved. In the end, it comes down to trying to balance the rate-limiting between usability and blocking capability. I attempted an implementation of this a while ago, but abandoned it due to lack of interest. If somebody thinks these goals are surmountable, I'm sure we can resume discussion on it and maybe I can resume implementation.
--
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
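
The token scheme described in the message above is an RSA blind signature. The following is an added example, not part of the original message or of the implementation it mentions; it uses textbook RSA with a constructed toy key, and the `Issuer` class, the sample IP address and the one-week `WINDOW` are assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key from two Mersenne primes: far too small/structured for real use.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(token: bytes) -> int:
    """Hash the secret token into Z_N (no padding scheme; illustration only)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def blind(token: bytes):
    """Client: mask h(token) with r^E so the issuer cannot recognise it later."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return h(token) * pow(r, E, N) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """Client: (h * r^E)^D = h^D * r, so dividing by r leaves a signature on h."""
    return blind_sig * pow(r, -1, N) % N

class Issuer:
    """Hypothetical wiki-side service: one blind signature per IP per week."""
    WINDOW = 7 * 24 * 3600
    def __init__(self):
        self.last_issue = {}  # real IP -> time of last signature
        self.blocked = set()  # hashes of tokens blocked for vandalism

    def sign_blinded(self, ip: str, blinded: int, now: int) -> int:
        if now - self.last_issue.get(ip, float("-inf")) < self.WINDOW:
            raise PermissionError("rate limited: one token per window")
        self.last_issue[ip] = now
        return pow(blinded, D, N)

    def accept(self, token: bytes, sig: int) -> bool:
        """Checked on the Tor-side request: valid signature, token not blocked."""
        return pow(sig, E, N) == h(token) and h(token) not in self.blocked

    def block(self, token: bytes) -> None:
        self.blocked.add(h(token))

if __name__ == "__main__":
    srv, token = Issuer(), secrets.token_bytes(32)
    blinded, r = blind(token)
    sig = unblind(srv.sign_blinded("198.51.100.7", blinded, now=0), r)
    print(srv.accept(token, sig))
```

The issuer only ever sees `blinded` next to the real IP and `(token, sig)` on the later request, which is why blocking has to target the token and why the issuance window bounds how long a block can last.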