[tor-talk] Wikimedia and Tor

z9wahqvh z9wahqvh at gmail.com
Wed Oct 1 17:05:22 UTC 2014


On Wed, Oct 1, 2014 at 9:57 AM, Derric Atzrott <datzrott at alizeepathology.com
> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I was curious if any of you here might have any ideas?  How can we verify
> that
> a person is who they say they are, and block them if they are abusive in
> such
> a way that it is at least difficult for them to evade the block, but that
> does
> not impose a requirement so high as to be prohibitive to those who aren't
> causing issues?
>

Is there any mechanism available by which, e.g., known & trusted editors
could request Tor access for specific login credentials/accounts, and Tor
only allowed for those accounts? This would also help to address Derric's
interest in allowing users from repressive regimes without allowing the
vast amounts of destructive edits that have so far come from Tor. Since
Wikimedia accounts are designed to be at least quasi-anonymous, placing a
request for Tor access through the Wikimedia messaging system should not in
itself reveal one's identity.

so one way to get one of these accounts would be, as many of us do, create
a regular (non-Tor) account, perform a good number of simple,
non-destructive edits (cleaning up already-marked items on WP pages, for
example), and then to request a special Tor account.

maybe if this works for established editors, a trial could be run to allow
a limited number of new accounts through Tor to be set up, again by
personal request, and edits allowed only through those approved accounts,
allowing the Wikimedia software to carefully watch over these accounts for
destructive editing and blocking them if this happens. People would
therefore not be allowed to automatically create accounts in Tor in
Wikimedia projects, nor to edit without logging in, but if the method
works, a certain amount of editing over Tor could be possible.

the overhead in approving accounts would be relatively low, and a limited
number could be created, so that not a great deal of oversight would be
necessary. Perhaps even a secure messaging facility could be created to
request such accounts (if it doesn't exist already).

As long as the basic mechanism is to allow only certain accounts to use
Tor, I presume that Tor itself would make spoofing those accounts
difficult.

I would presume that a Tor-based Wikimedia account opened solely by
messaging Wikimedia securely would be relatively hard to track down to a
specific individual (especially if it eventually becomes possible to
request these without first becoming a trusted editor), but I may not be
thinking through all the possibilities.


More information about the tor-talk mailing list