[arma at mit.edu: Re: Wikipedia & Tor]

Tyler Durden camera_lumina at hotmail.com
Tue Sep 27 14:41:02 PDT 2005 

Sorry...I don't understand...why would psuedonymity services be provided 
within Tor?

An external reputation/psuedonymity server would of course "reduce" a Tor 
users' anonymity to mere psuedonymity, but I don't see how it would do 
anything more, and who cares? If Wikipedia (or anyone) doesn't want to 
interact with the truly anonymous (as opposed to psuedonymous), then ah 
well.

Solution: Wait and do nothing until someone (commericially) provides such 
services.

Am I punchdrunk or stating the obvious?

-TD


>From: Eugen Leitl <eugen at leitl.org>
>To: cypherpunks at jfet.org
>Subject: [arma at mit.edu: Re: Wikipedia & Tor]
>Date: Tue, 27 Sep 2005 21:57:50 +0200
>
>----- Forwarded message from Roger Dingledine <arma at mit.edu> -----
>
>From: Roger Dingledine <arma at mit.edu>
>Date: Tue, 27 Sep 2005 15:54:38 -0400
>To: or-talk at freehaven.net
>Subject: Re: Wikipedia & Tor
>User-Agent: Mutt/1.5.9i
>Reply-To: or-talk at freehaven.net
>
>On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote:
> > On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote:
> > > everyone is so worried about it, but has any one ever been 
>successfully
>been
> > > able to use tor to effectively spam anyone?
> >
> > No. Cf.
> > http://tor.eff.org/faq-abuse.html#WhatAboutSpammers
>
>To be fair, this answer is yes. People have used Tor to deface Wikipedia
>pages, along with Slashdot pages, certain IRC networks, and so on. I
>think that counts as spam at least in a broad sense.
>
> > A potential for cooperation is the proposal below for authenticated
> > access to Wikipedia through Tor. I will not speak to any particular
> > design here, but if Wikipedia has a notion of clients trusted to post
> > to Wikipedia, it should be possible to work with them to have an
> > authentication server that controls access to Wikipedia through Tor.
>
>As I understand it, Jimmy is hoping that we will develop and maintain
>this notion. We would run both "halves" of the Tor network, and when they
>complain about a user, we would cut that user out of the authenticated
>side.
>
>Jimmy and I talked about Tor-and-Wikipedia many months ago, and the
>conclusion was that they (mediawiki) would be willing to try a variety of
>technological solutions to see if they work (i.e. cut down on vandalism
>and aren't too much of a burden to run). My favorite is to simply have
>certain address classes where the block expires after 15 minutes or
>so. Brandon Wiley proposed a similar idea but where the block timeout is
>exponentially longer for repeated abuse, so services that are frequently
>blocked will stay blocked longer. This is great. But somebody needs to
>actually code it.
>
>Wikipedia already needs this sort of thing because of AOL IPs -- they
>have similar characteristics to Tor, in that a single IP produces lots
>of behavior, some good some bad. The two differences as I understand
>them are that AOL will cancel user accounts if you complain loudly enough
>(but there's constant tension here because in plenty of cases AOL decides
>not to cancel the account, so Wikipedia has to deal some other way like
>temporarily blocking the IP), and that it's not clear enough to the
>Wikipedia operators that there *are* good Tor users.
>
>(One might argue that it's hard for Wikipedia to change their perception
>and learn about any good Tor uses, firstly because good users will
>blend in and nobody will notice, and secondly because they've prevented
>them all from editing so there are no data points either way.)
>
>So I've been content to wait and watch things progress. Perhaps we will
>find a volunteer who wants to help hack the mediawiki codebase to be more
>authentication-friendly (or have more powerful blocking config options).
>Perhaps we'll find a volunteer to help build the blind-signature
>pseudonymous authenticated identity management infrastructure that Nick
>refers to. Perhaps the Wikimedia operators will increasingly get a sense
>that Tor has something to offer besides vandalism. (I presume this thread
>re-surfaced because Tor users and operators are periodically telling
>Wikipedia that they don't like being blocked.) Maybe we will come to
>the point eventually that it makes sense to do something different than
>blocking the Tor IP addresses from editing Wikipedia. (Which, we should
>all remember compared the Gentoo forum situation, is a great step above
>blocking them from both reading and writing.)
>
>It could be that we never reach that point. Certain services on the
>Internet (like some IRC networks) that are really prone to abuse are
>probably doing the right thing by blocking all Tor users (and all AOL
>users, and all open proxies, and ...). And we want to keep Tor easy
>to block, or we're really going to start getting the other communities
>angry at us.
>
>In summary, I'm not too unhappy with the status quo for now. Tor needs
>way more basic development / usability work still. In the absence of
>actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve
>the problem, I'm going to focus on continuing to make Tor better, so
>down the road maybe we'll be able to see better answers.
>
>--Roger
>
>----- End forwarded message -----
>--
>Eugen* Leitl <a href="http://leitl.org">leitl</a>
>______________________________________________________________
>ICBM: 48.07100, 11.36820            http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which 
>had a name of signature.asc]

More information about the cypherpunks-legacy mailing list