we are essentially saying that it's impossible to do research with anonymity tools in this kind of environment. We have the benefit of having a receptive ear amongst the security folks on campus who would like to do away with IP-based authentication. -Joe
On 5/16/06, Watson Ladd <[EMAIL PROTECTED]> wrote:
On May 16, 2006, at 4:32 PM, Michael Holstein wrote: >> Specifically, we're arguing to various administrative and technical >> committees that the whole damn network shouldn't be trusted by >> services that we subscribe to... and instead, the proxy service that >> berkeleyites use to connect to library services off campus should be >> used on campus too (so that a much smaller segment of our network is >> "trusted"). > > We actually already have this as well .. a proxy that allows > internal users to breeze through, and external ones to > authenticate. Why the journals think it fit to trust a /16 or > greater is beyond me. Are the on-campus proxies really necessary in that case? > > Problem is .. I don't think they'll buy the argument "you need to > change your way of doing things so I can offer an anonymous proxy > and not cause you problems". They'll just say "why run the proxy at > all?". > > For the short-term, I wrote a script that wgets the library's list > of subscriptions, and munges that to get the unique domain links, > and puts those into /etc/hosts with bogus addresses that are denied > by the exit policy (eg: 127.0.0.2 some.domain). Yes, I realize this > doesn't prevent access by IP, but if I can keep out 95% of the > miscreants, that's fine by me. > > I hate to break things on purpose, but I do have to dance around a > bit to keep this going. > > My biggest mistake perhaps was actually giving the library folks an > honest answer when they asked .. had I just said "oh .. I'll look > into that" and fixed it, they'd have happily gone away. Instead, I > sent them the boiler-plate response about TOR and they started > asking questions. > > Lesson learned : don't call TOR an "anonymous proxy". It's a > "privacy router designed to help the Chinese". Try making up some other excuse, like being able to track who is accessing journal articles and with what frequency. I think that will work. > > /mike. "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
-- Joseph Lorenzo Hall PhD Student, UC Berkeley, School of Information <http://josephhall.org/>
