The ban was imposed reluctantly and I have been seeking a solution to the problem. I believe that I may have identified such a solution but if it is not acceptable to our community (including ACs) then it can go no further. I wish to outline my proposal here and leave it open to comments to see if it can be at least part of the solution.

There are many reasons for wishing to post as Anonymous Coward (AC). Almost all of them can be divided into 1 of 2 groups: those wishing to protect their identity so that they are not leaving a searchable trail of their views or personal data on the internet, or those not wishing to be held responsible for their actions. The problem that SoylentNews faces is that they are all treated the same by the site software. This has meant that the majority of ACs are now having to suffer an exclusion ban preventing them from participating in the full site because of the actions and behaviour of a small but significant minority.

There is nothing inherently wrong in anonymity but it does cause problems for sites such as ours. The site can only treat individual ACs differently if it can identify them as different entities. This does not require any personal information but there has to be something that makes AC[0] different from AC[1]...AC[n]. Whereas IP hashes were once a practical solution they are no longer as effective as they were in 2014 for various reasons, including the increasing adoption of IPv6 and the widespread use of TOR and VPNs. The only other 'personal' information that the site held was an optional email contact address. This too is no longer valid because ACs fear that they will be identified by someone or some organisation and held to account for their views sometime in the future. As things stand, ACs have to be treated as a single account.

There has to be a token of some kind which is provided by the AC to the site. There is no avoiding this fact. The token must not be relatable to any real person or account because there will always be a fear that it could be used against them. Therefore the token must be generated by the ACs themselves so that they have complete trust in it and know that it contains nothing that will provide a link to them.

In the outline below, specific formats or time periods are simply examples. They can be changed to suit as circumstances dictate.

Assumptions:

ACs will continue to have full and free access to journals. Some of those ACs may also want to participate in the discussions on the main site as fully as possible, including perhaps the ability to moderate other comments and receive karma.

Theoretical outline:

The AC will create their own token in a specific format (I suggest a SHA256 hash) using any method they wish. They will then know how that token was generated and can be assured that it contains no other information. The SHA256 hash has been chosen to ensure that it has a reasonable chance of being unique and to make it impractical for an attacker to mount a brute force attack.

If an AC wishes to participate in main site stories he must register the token that he has generated with the site. This will be done through a web page and the only information that will be required is the token. The web page would also provide a randomly generated token if the AC does not know how to create one themself, but this will only be created if a button requesting one is pressed. The web page will acknowledge receipt of the token, display it on the screen and allow the AC to copy/paste it, or verify that it is the same that he intended to input, and record it in a safe place. The only information that the site will hold is the token. If the token is lost or corrupted by the AC then the site can do nothing to help recover it as it does not know to which AC it belongs. The AC alone is responsible for the security of the token.

There will then be a waiting period of a predetermined duration before the token will be activated on the site. Perhaps several days or even a week or two. This is to prevent 'drive-by' abuse of the front page stories. There has to be an 'implied' cost to help combat the requests for repeated tokens, although the delay alone cannot prevent such an occurrence by itself.

Once the waiting period has elapsed, the AC can attempt to comment on main page stories. The first time that they do this the site will prompt the AC for their token and, if accepted, they will receive a cookie which will permit them to comment on stories. The cookie will have a set life - let us assume for the moment that this is 6 hours. Once the cookie has lapsed the procedure will begin again when the AC next attempts to make a comment.

While the cookie is valid the AC can continue to use the site in exactly the same manner as any logged in user. The only information that the site will have is that the token is currently active and what remains of the cookie's period of validity. It will not know any other information. The AC comments will appear exactly as they always have. It will not display any additional information regarding the AC, indeed there is no additional information to display.

Tokens that are not used over an extended period of time (e,g 3 months) will be deleted from the database. This is to prevent a potential bad actor from building up a list of valid tokens that could be subsequently used for a combined attack on the site.

If an AC account is used in any way that contravenes the normal running of the site, including but not limited to excessive Spam posting, personal attacks, threats, intimidation or moderation abuse, then the token can be revoked immediately by the site and to prevent it from being used again.

Possible Weaknesses:

Theoretically there is nothing to prevent an AC from creating multiple tokens. However, experience has shown that there is nothing to gain by doing this unless the tokens are used to abuse the system. Mod bombing, coordinated moderation abuse etc could (and occasionally does) take place with logged in accounts as well. There are procedures and software in place to assist with the detection of such activity. Tokens that remain dormant for an extended period of time will be deleted to help prevent multiple token generation.

The site will know nothing about the identity of the AC so, other than by revoking a token to remove access to the front page, the AC cannot face a permanent ban that would prevent them from accessing some parts of the site. This is exactly the situation we are in today.

Any widespread abuse of the system can be countered by switching the token/cookie authorisation off, thus resulting in ALL ACs being restricted to journals only: this again is the position that they are in today. The main site will always be protected in preference to supporting AC posting.

Additional Advantages:

The proposal ensures that ACs can continue to use TOR or VPNs to further protect their security and anonymity.

ACs who have a valid token could theoretically also create journals, and have moderation rights in journals too if this was thought to be desirable.

As individual ACs will have an internal (but meaningless) identity they can also have moderation points, karma etc. I realise that this is not considered to be of any worth by most ACs but the fact remains that it is a possibility.

What Is Now Required?

I am trying to identify an acceptable solution to a major problem. This is a discussion, and with current resources there is as yet no estimate of when such a system could be introduced to our site. We are not going to invest significant effort if the proposal is unacceptable to our community which includes ACs.

I am not an expert on cryptography, nor will I be the one writing the code if the if this option is eventually implemented. I need people who have more experience than I have in these areas to help solve any problems that exist in this proposal. By all means tell me it will not work if that is the case, but a potential solution is much more valuable to me.

I therefore welcome any comments on the practical aspects of this initiative and, just as importantly, on whether it receives the approval of our AC community. I would hope to see a clear statement indicating how many ACs would use this system if it was to be implemented. Staying silent will have to count as a 'No' vote, I will post this as a Meta and as a Journal entry to gather as many comments as I can. I cannot foresee the site ever returning the the position that existed earlier on this year without some major changes in the way we protect and control access to the discussions on the main pages. This may not be a perfect solution but it is, in my opinion, a practical one at least worth considering and possibly trialling if the software changes required are not too onerous.