Re: [cyphrpunk@gmail.com: Re: Hello directly from Jimbo at Wikipedia]

----- Forwarded message from cypherpunk <cyphrpunk@gmail.com> -----

From: cypherpunk <cyphrpunk@gmail.com>

Subject: Re: Hello directly from Jimbo at Wikipedia

As an occasional Tor and Wikipedia user, let me add a couple of points.

First, in case it is not obvious, the problem with the present system is that Tor users can no longer edit on Wikipedia. I have done so in the past, in what I like to think is a constructive manner, but cannot do so since this summer. I have valid although perhaps unpopular contributions to make, and not only is my freedom to express myself limited, the quality of the material on Wikipedia suffers due to the absence of my perspective. The status quo is not acceptable and we should work to find a solution.

Leaving aside the qualitative discussion, let's remember that the freedom to express onesself does not imply the obligation for any other party to listen.

Looking at the proposals for authentication servers and such, I see a major issue which is not being addressed. That is, how does the web server distinguish "authenticated" Tor users from unathenticated ones? If this is via a complicated protocol, there is no point as the servers won't use it.

The problem at hand does not require "authenticated" Tor users. It requires authenticated Wikipedia users.

This does not necessarily mean building complex authentication protocols into the Tor network, and having two classes of traffic flowing around. It could be that this authenticated Tor is a separate network. It only lets users in who are authenticated, and owns a specific set of IP addresses which servers can whitelist. The regular Tor exit nodes can be blacklisted as they are now.

Tor is transport layer. Authentication for a specific service (such as Wikipedia) is the responsibility of that service and belongs in the session layer. An authenticated network and an anonymizing network are mutually exclusive.

What does Wikipedia need? What is the minimum level of service they require? Presumably, it is similar to what they can get via ISPs, who also map many users to a fixed set of IP addresses. Wikipedia can complain to the ISP, and it will get back in some form to that user.

No, Wikipedia needs to realize that the IP address correlation they enjoy outside of Tor is a happy accident, and that they should stop treating IP addressess as user credentials. If they want credentials, they need to implement them. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com