On Mar 10, 2015 12:05 PM, "Risker" <risker.wp(a)gmail.com> wrote:
Thanks for your responses, Chris. Regardless of what processes are
proposed, I suspect that the strongest objections will be socially based
rather than technically based. Bawolff has a valid point, that success on
a smaller wiki may have an effect on the social perception of the use of
Tor on enwiki - but if it is started on another wiki, please ensure that
there is actual community agreement and that there are sufficient
administrators who are willing and able to promptly address any problems.
We may have 700 wikis, but really only about 50-60 of them have sufficient
daily activity and editorial community size to be able to manage any
problems that might arise from this.
To my experience, the majority of experienced editors who are asking for
IPBE or something similar tend to be editing through VPNs that are
hard-blocked for various reasons (most commonly spamming and/or heavy-duty
vandalism - and if it's spamming, it's usually blocked at the global
level). There are some exceptions - particularly related to users working
from countries where there are entirely valid security concerns (we could
probably all recite the list). And IPBE does permit editing through Tor
now. Whether continuing with IPBE or providing an alternative, the user
would still have to persuade the same administrators/community members of
the legitimacy of their request.
I cannot speak for the entire enwiki community (let alone any other
community) about whether or not there would be acceptance for the idea of
a
user having two unlinked accounts, one
"regular" account and one "Tor" one
- given my role as a Checkuser I'm exposed to a much higher frequency of
socking complaints than most community members - but given it's been darn
hard to keep the community from flat-out banning multiple unlined
accounts,
I have my doubts it will be greeted with open arms,
even if it "works" on
other wikis. (Pretty much the only exception that has received support is
"editing in a high risk topic area", so there *may* be some support).
Unfortunately, there's been plenty of history on enwiki of experienced
users having multiple accounts that were used inappropriately, including
administrator accounts, so that raises the bar even higher.
Also....I'm a little unclear about something. If a "Tor-enabled" account
creates new accounts, will those accounts be able to edit through Tor,
too?
The account creation would come from the proxy, so the wiki would have to
trust that the proxy is only handing out accounts to users who have been
Risker/Anne
On 10 March 2015 at 14:33, Chris Steipp <csteipp(a)wikimedia.org> wrote:
> On Tue, Mar 10, 2015 at 10:39 AM, Risker <risker.wp(a)gmail.com> wrote:
>
> > A few questions on this:
> >
> >
> > - So, this would result in the creation of a new account,
correct?
If
> > so, most of the security is lost by the
enwiki policy of requiring
> > linking
> > to one's other accounts, and if the user edited in the same topic
area
> > as
> > their other account, they're likely to be blocked for socking.
(This
> > is a
> > social limitation on the idea, not a technical one.)
> >
>
> Registering a pseudonym through this process implies that you are an
> existing editor (we could even limit the process to only one pseudonym
per
> existing account, so you know there's a 1-1
mapping), just not linking
to
> which one you are. Do you think enwiki be open to
considering that?
>
>
> > - Why would we permit more than one account?
> >
>
> I was originally thinking that if something happened (forgotten
password,
> etc.), you could start over. But not a hard
requirement.
>
>
> > - It's not usually experienced editors who seem to have an issue on
> > English projects; most of the huffing and puffing about Tor seems
to
> > come
> > from people who are not currently registered/experienced editors,
so
> the
> > primary "market" is a group of people who wouldn't meet the
proposed
> > criteria.
>
>
> There may not be enough intersection between users who we have some
trust
> in and those who want to edit via Tor. I'm
hopeful that we can define
> "established" to be some group that is large enough that it will include
> productive editors who also should use Tor, but small enough to preclude
> spammers. I'm assuming if we start with some guideline, then we can
adjust
> up (if there's too much spam) or down (if
there aren't enough users)
> depending on the results.
>
>
> >
>
> - On reading this over carefully, it sounds as though you're
proposing
> > what is essentially a highly technical
IPBE process in which there
is
> > even
> > less control than the project has now, particularly in the ability
to
> > address socking and POV/COI editing. Am I
missing something?
> >
>
> In a way it is, but there are couple advantages over IPBE as I see it:
> * Neither the WMF nor checkusers can correlate the identities, whereas
with
> IPBE, it's possible that a checkuser can
still see the IP that created
the
> account requesting the IPBE. This is less
control, but also less risk if
> the wmf/checkuser is coerced into revealing that information.
> * Hopefully it will be a less manual process, since the only manual
(which
> could be automated if the right heuristics were
found) step is
confirming
> that the requesting user is
"established". There's no further rights
that
> have to be granted and maintained.
>
> It also give slightly more control in that:
> * We're not giving out the IPBE right
> * The whole system can be blocked (hopefully temporarily) with a single
> block or revoking the OAuth key, if there is ever a sudden flood of spam
>
> Admittedly, we could do all of this (except making the identities
> unlinkable) by having an edit-via-tor right that is different from IPBE,
> but the unlikability I think is important for our users.
>
>
> >
> > Risker/Anne
> >
> > On 10 March 2015 at 13:16, Giuseppe Lavagetto <
glavagetto(a)wikimedia.org>
> > wrote:
> >
> > > Hi Chris,
> > >
> > > I like the idea in general, in particular the fact that only
> > > "established" editors can ask for the tokens. What I don't
get is
why
this proxy
should be run by someone that is not the WMF, given - I
guess - it would be exposed as a TOR hidden service, which will mask
effectively the user IP from us, and will secure his communication
from snooping by exit node managers, and so on.
I guess the righteously traffic on such a proxy would be so low (as
getting a token is /not/ going to be automated/immediate even for
logged in users) that it could work without using up a lot of
resources.
Cheers,
Giuseppe
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l