Sorry...I don't understand...why would psuedonymity services be provided within Tor? An external reputation/psuedonymity server would of course "reduce" a Tor users' anonymity to mere psuedonymity, but I don't see how it would do anything more, and who cares? If Wikipedia (or anyone) doesn't want to interact with the truly anonymous (as opposed to psuedonymous), then ah well. Solution: Wait and do nothing until someone (commericially) provides such services. Am I punchdrunk or stating the obvious? -TD
From: Eugen Leitl <eugen@leitl.org> To: cypherpunks@jfet.org Subject: [arma@mit.edu: Re: Wikipedia & Tor] Date: Tue, 27 Sep 2005 21:57:50 +0200
----- Forwarded message from Roger Dingledine <arma@mit.edu> -----
From: Roger Dingledine <arma@mit.edu> Date: Tue, 27 Sep 2005 15:54:38 -0400 To: or-talk@freehaven.net Subject: Re: Wikipedia & Tor User-Agent: Mutt/1.5.9i Reply-To: or-talk@freehaven.net
On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote:
On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote:
everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone?
To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense.
A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor.
As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both "halves" of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side.
Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it.
Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users.
(One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.)
So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.)
It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us.
In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to see better answers.
--Roger
----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]