On 01/17/2014 04:26 PM, Erik Moeller wrote:
I understand. Wikimedia's current abuse prevention
strategies rely on
limits to user privacy being maintained, and any technical solution
that attempts to broaden access for Tor users is unlikely to be
successful at any significant scale unless this changes, no matter how
clever a solution it is.
Not necessarily. Abuse prevention requires, fundamentally, only one
thing: being able to tell that edit X has been done by the same person
as edit Y with N% probability. That's the fundamental decision done by
administrators and checkusers when deciding whether to block a user or
source of edits.
User IP and UA is one of the datapoints that is used for that
determination (both by checkusers and, indirectly, by administrators via
autoblocks or range blocks); but any other method by which that
determination can be made would serve just as well.
That we are not currently able to satisfactorily find a method by which
we can attribute online actions to an individual without (currently)
placing some limits on their privacy does not mean we never will be able
to -- or at least that we'll be able to tip the balance towards more
privacy than less.
It's a Hard Problem. Businesses tend to fix it by tying online
identities to some physical (and finite) token of existence (like a
Credit Card); something which we emphatically would never want to do
because that vastly /reduces/ privacy. We don't care to know who
someone *is*, just whether they are the same one as before.
IMO, efforts should be directed towards that more fundamental goal;
everything else will fall into place from there.
-- Marc