On Wed, Mar 11, 2015 at 9:10 AM, Chris Steipp <cste...@wikimedia.org> wrote:
> Setting up a proxy like this is definitely an option I've considered. As I
> did, I couldn't think of a good way to limit the types of accounts that
> used it, or come up with an acceptable collateral I could keep from the
> user, that would prevent enough spammers to keep it from being blocked
> while being open to people who needed it.

Well, the obvious collateral is always money; and with bitcoin going mainstream, untraceable money transfers are now accessible even to nontechnical users (although I don't know if the mere act of buying bitcoins could endanger someone in certain oppressive regimes). Something like $10 is probably not a serious hurdle to anyone intent on avoiding censorship but enough to deter spammers. The money could be donated to the Tor project, or retained and returned after a certain number of edits.

To make blocks more granular, some identifier such as the bitcoin transaction ID could be exposed via XFF so administrators would still be able to assign blocks based on collaterals.

That seems to me like a significantly easier setup than using the reputation of an existing user as collateral - that becomes really difficult if you want to both keep the association hidden and punish users who vouch for spammers.

Maybe the proxy is not even necessary (it would certainly bring a host of usability issues) and all that's needed is a gateway to buy editblocked rights for users.

> The blinded token approach lets
> the proxy rely on a trusted assertion about the identity, by the people who
> it will impact if they get it wrong. That seemed like a good thing to me.

I don't think it's the most practical solution for this specific use case, but if it could be generalized, the ability to create a limited number of tokens per user which are anonymous but assert that the creator passed some condition (e.g. >1000 edits) and can be used up in some way would be exciting as it would allow proper voting systems. No idea if that can be fit into the OAuth framework, though (or if it's even possible without having two independent authorities both of which have only partial access to the data).

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l