Re: [EMAIL PROTECTED]: Re: Wikipedia & Tor]

[R.A. Hettinga]

At 8:37 PM -0400 9/27/05, lists wrote:
> Building a TOR nymspace would be much more
>interesting and distributed.

Since the first time I met Dingledine, he was talking pseudonymity,
bigtime. I was curious when he went to play with onion routers, but maybe
I'm not so surprised anymore...

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: [EMAIL PROTECTED]: Re: Wikipedia & Tor]

[lists]

Tyler Durden wrote:
Sorry...I don't understand...why would psuedonymity services be provided 
within Tor?




I find the concept of having both pseudonymous and anonymous traffic
through TOR quite interesting. In some cases, you really do wish to just
separate yourself from your meatspace identity but you may want the
reputation of a bitspace identity; in other cases, you want to
completely separate yourself from any identity. There are audited
anonymizers that provide a form of pseudonymity, in that, they know who
you are and can regulate your behavior accordingly. These are generally
in the commercial space. Building a TOR nymspace would be much more
interesting and distributed.

TOR itself does not necessarily have to deal with this. There could be
services flowing through TOR that provide this. However, TOR nodes
implementing pseudonymous traffic for their own network seems more
natural and easier to do. Entry/exit nodes, some nodes, all nodes, or
whatever subset makes the most sense could then authenticate
pseudonymous traffic and determine capabilities based on things like
reputation.

But, that was not a why. Anonymity has the property of removing
responsibility from the actor for their actions, which is not always a
good thing. I am sure TOR exit nodes are hit with the responsibility for
those actors, which can lead to the end of exit nodes. At a minimum,
pseudonymity can provide a degree of responsibility through reputation.
Exit nodes could support either pseudo or anon, or both, depending on
beliefs, risks, etc. Also, users could select anon or pseudo as needed.
I like choice.

Anyway, that is a why and an interesting topic, but TOR has other things
to focus on.

-Andrew

Participez au débat pour 2007

[Nicolas Sarkozy (UMP)]

Title: Lettre d'information





  

  
  

  
  Si vous n'arrivez pas à lire ce message en HTML, copiez l'url suivant dans votre navigateur Internet pour le visualiser correctement : http://www.u-m-p.org/newsletter/lettre_information_050905v2.htm
   

  



  


  
  

  
  
  Bonjour, 
La France affronte une crise politique, économique et sociale particulièrement grave. Etant donnés les enjeux, il est de mon devoir, en tant que Président de l'UMP, de participer à l'oeuvre de redressement, et de préparer les élections législatives et présidentielle de 2007. 
Pour faire avancer la France après 2007, nous devons désormais préparer le projet politique dont notre pays a besoin.
Pour sortir de cette crise, pour restaurer la confiance,
			 nous devons apporter des réponses simples, rapides et efficaces aux questions posées par les Français sur l'emploi,
			 l'immigration, la fiscalité ou la sécurité.
			 C'est pourquoi je vous invite à participer aux débats
			  et aux votes qui décideront du projet qui sera porté par l'UMP en 2007.
Je compte vraiment sur votre implication dans le débat, à mes côtés, et je vous prie de croire en l'assurance de mes sentiments les plus dévoués.
  


  


  Cliquez ici pour me faire connaître votre souhait d'être informé et de participer au débat.


  


  

  



  

  


  
  
  
  

  


  
  

  
  
  

  



  


  
  

  
   
  

  



  

  
  
   

 Pour envoyer ce message à un ami, cliquez ici
  
  


  
  

  Vous recevez ce message car vous êtes abonné au programme ok2mail.
Confidentialité des données : Conformément à la loi Informatique et Libertés du 6 Juillet 1978, vous disposez d'un droit d'accès et de rectification aux données vous concernant.
Par notre intermédiaire, vous pouvez être amené à recevoir des propositions d'autres entreprises ou organismes, ou être informé également de nos offres par email, par téléphone ou par courrier. 
  


  
  

Si vous souhaitez vous désabonner, cliquez ici 

  

 

  


  
  



  

  

  

Revision to Your Amazon.com Information

[Amazon]

	

	



At the last reviewing at your amazon account we discovered that your information is inaccurate. We apologize for this but because most frauds are possible because we don't have enough information about our clients, we require this verification. Please login and reenter  your personal information. 

Please follow this link to update your personal information: 


 http://www.amazon.com/exec/obidos/sign-in.html 
(To complete the verification process you must fill in all the required fields) 



Please note: If you don't update your information within next 48 hours , we will be forced to suspend your account untill you have the time to contact us by phone. 

We apreciate your support and understanding, as we work together to keep amazon market a safe place to trade. Thank you for your attention on this serious matter and we apologize. 




This message was generated automatically, please do not reply to it. Amazon treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information. 

RE: [EMAIL PROTECTED]: Re: Wikipedia & Tor]

[Tyler Durden]

Sorry...I don't understand...why would psuedonymity services be provided 
within Tor?


An external reputation/psuedonymity server would of course "reduce" a Tor 
users' anonymity to mere psuedonymity, but I don't see how it would do 
anything more, and who cares? If Wikipedia (or anyone) doesn't want to 
interact with the truly anonymous (as opposed to psuedonymous), then ah 
well.


Solution: Wait and do nothing until someone (commericially) provides such 
services.


Am I punchdrunk or stating the obvious?

-TD



From: Eugen Leitl <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: Re: Wikipedia & Tor]
Date: Tue, 27 Sep 2005 21:57:50 +0200

- Forwarded message from Roger Dingledine <[EMAIL PROTECTED]> -

From: Roger Dingledine <[EMAIL PROTECTED]>
Date: Tue, 27 Sep 2005 15:54:38 -0400
To: [EMAIL PROTECTED]
Subject: Re: Wikipedia & Tor
User-Agent: Mutt/1.5.9i
Reply-To: [EMAIL PROTECTED]

On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote:
> On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote:
> > everyone is so worried about it, but has any one ever been 
successfully

been
> > able to use tor to effectively spam anyone?
>
> No. Cf.
> http://tor.eff.org/faq-abuse.html#WhatAboutSpammers

To be fair, this answer is yes. People have used Tor to deface Wikipedia
pages, along with Slashdot pages, certain IRC networks, and so on. I
think that counts as spam at least in a broad sense.

> A potential for cooperation is the proposal below for authenticated
> access to Wikipedia through Tor. I will not speak to any particular
> design here, but if Wikipedia has a notion of clients trusted to post
> to Wikipedia, it should be possible to work with them to have an
> authentication server that controls access to Wikipedia through Tor.

As I understand it, Jimmy is hoping that we will develop and maintain
this notion. We would run both "halves" of the Tor network, and when they
complain about a user, we would cut that user out of the authenticated
side.

Jimmy and I talked about Tor-and-Wikipedia many months ago, and the
conclusion was that they (mediawiki) would be willing to try a variety of
technological solutions to see if they work (i.e. cut down on vandalism
and aren't too much of a burden to run). My favorite is to simply have
certain address classes where the block expires after 15 minutes or
so. Brandon Wiley proposed a similar idea but where the block timeout is
exponentially longer for repeated abuse, so services that are frequently
blocked will stay blocked longer. This is great. But somebody needs to
actually code it.

Wikipedia already needs this sort of thing because of AOL IPs -- they
have similar characteristics to Tor, in that a single IP produces lots
of behavior, some good some bad. The two differences as I understand
them are that AOL will cancel user accounts if you complain loudly enough
(but there's constant tension here because in plenty of cases AOL decides
not to cancel the account, so Wikipedia has to deal some other way like
temporarily blocking the IP), and that it's not clear enough to the
Wikipedia operators that there *are* good Tor users.

(One might argue that it's hard for Wikipedia to change their perception
and learn about any good Tor uses, firstly because good users will
blend in and nobody will notice, and secondly because they've prevented
them all from editing so there are no data points either way.)

So I've been content to wait and watch things progress. Perhaps we will
find a volunteer who wants to help hack the mediawiki codebase to be more
authentication-friendly (or have more powerful blocking config options).
Perhaps we'll find a volunteer to help build the blind-signature
pseudonymous authenticated identity management infrastructure that Nick
refers to. Perhaps the Wikimedia operators will increasingly get a sense
that Tor has something to offer besides vandalism. (I presume this thread
re-surfaced because Tor users and operators are periodically telling
Wikipedia that they don't like being blocked.) Maybe we will come to
the point eventually that it makes sense to do something different than
blocking the Tor IP addresses from editing Wikipedia. (Which, we should
all remember compared the Gentoo forum situation, is a great step above
blocking them from both reading and writing.)

It could be that we never reach that point. Certain services on the
Internet (like some IRC networks) that are really prone to abuse are
probably doing the right thing by blocking all Tor users (and all AOL
users, and all open proxies, and ...). And we want to keep Tor easy
to block, or we're really going to start getting the other communities
angry at us.

In summary, I'm not too unhappy with the status quo for now. Tor needs
way more basic development / usability work still. In the absence of
actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve
the problem, I'm going to focus on continuing to make Tor better, so
down the road m

Re: /. [How Chinese Evade Government's Web Controls]

[Tyler Durden]

What the heck are you doing there for three weeks? Buying some golden 
triangle goods?


I hear it's beautiful, however, but it's not like you took a direct 
international flight there...


-TD



From: Peter Thoenen <[EMAIL PROTECTED]>
To: Eugen Leitl <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: /. [How Chinese Evade Government's Web Controls]
Date: Tue, 27 Sep 2005 11:48:31 -0700 (PDT)

Chinese Web Controls and Tor ... a subject I happen to have close personal
experience with.  Just took a three week vacation to Dali, China and after
hitting the Great Firewall of China (tm), hopped over to the eff site,
downloaded tor and privoxy, and 10 minutes later was up and running 
bypassing
the supposed Great Firewall.  While I was at it, grabbed i2p and punched 
right

through also utilizing the i2p www proxy.

As much as folk want to rail against Tor for allowing malicious users to 
mask

their identity, it really does serve a higher purpose.

As for the WSJ article, EFF or I2P really needs advertise better.  Why pay
local Chinese Internet Cafe owners when you can punch right through for 
free.

Re: [EMAIL PROTECTED]: Re: Wikipedia & Tor]

[Roy M. Silvernail]

[yes, I know I'm preaching to the choir]

> - Forwarded message from Roger Dingledine <[EMAIL PROTECTED]> -

> > A potential for cooperation is the proposal below for authenticated
> > access to Wikipedia through Tor. I will not speak to any particular
> > design here, but if Wikipedia has a notion of clients trusted to post
> > to Wikipedia, it should be possible to work with them to have an
> > authentication server that controls access to Wikipedia through Tor.
>
> As I understand it, Jimmy is hoping that we will develop and maintain
> this notion. We would run both "halves" of the Tor network, and when they
> complain about a user, we would cut that user out of the authenticated
> side.

A non-good idea, as it goes against what Tor is all about.

The problem to be overcome here really has nothing to do with Tor, as such.

> Wikipedia already needs this sort of thing because of AOL IPs -- they
> have similar characteristics to Tor, in that a single IP produces lots
> of behavior, some good some bad.

So Wikipedia understands that the transport layer isn't to blame, yet they
persist in asking for changes in the Tor transport to address the problem of
malicious users?  *groan*

> (One might argue that it's hard for Wikipedia to change their perception
> and learn about any good Tor uses, firstly because good users will
> blend in and nobody will notice, and secondly because they've prevented
> them all from editing so there are no data points either way.)

That's not the perception they need to change.  They need to realize that if an
avenue for action without responsibility exists, someone will use it.  Wikis
get defaced all the time *without* AOL or Tor, because the philosophy allows
anyone to edit.  It is that philosophy that is in error, not the transport
layers used by the vandals.  Wiki, as someone mentioned to me in a private
mail, is the SMTP of web publishing; it doesn't scale well in the presence of
large concentrations of assholes.

> In summary, I'm not too unhappy with the status quo for now. Tor needs
> way more basic development / usability work still. In the absence of
> actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve
> the problem, I'm going to focus on continuing to make Tor better, so
> down the road maybe we'll be able to see better answers.

Roger gets it.  The Wikipedians don't.
-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

[EMAIL PROTECTED]: Re: Wikipedia & Tor]

[Eugen Leitl]

- Forwarded message from Roger Dingledine <[EMAIL PROTECTED]> -

From: Roger Dingledine <[EMAIL PROTECTED]>
Date: Tue, 27 Sep 2005 15:54:38 -0400
To: [EMAIL PROTECTED]
Subject: Re: Wikipedia & Tor
User-Agent: Mutt/1.5.9i
Reply-To: [EMAIL PROTECTED]

On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote:
> On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote:
> > everyone is so worried about it, but has any one ever been successfully been
> > able to use tor to effectively spam anyone?
> 
> No. Cf.
> http://tor.eff.org/faq-abuse.html#WhatAboutSpammers

To be fair, this answer is yes. People have used Tor to deface Wikipedia
pages, along with Slashdot pages, certain IRC networks, and so on. I
think that counts as spam at least in a broad sense.

> A potential for cooperation is the proposal below for authenticated
> access to Wikipedia through Tor. I will not speak to any particular
> design here, but if Wikipedia has a notion of clients trusted to post
> to Wikipedia, it should be possible to work with them to have an
> authentication server that controls access to Wikipedia through Tor.

As I understand it, Jimmy is hoping that we will develop and maintain
this notion. We would run both "halves" of the Tor network, and when they
complain about a user, we would cut that user out of the authenticated
side.

Jimmy and I talked about Tor-and-Wikipedia many months ago, and the
conclusion was that they (mediawiki) would be willing to try a variety of
technological solutions to see if they work (i.e. cut down on vandalism
and aren't too much of a burden to run). My favorite is to simply have
certain address classes where the block expires after 15 minutes or
so. Brandon Wiley proposed a similar idea but where the block timeout is
exponentially longer for repeated abuse, so services that are frequently
blocked will stay blocked longer. This is great. But somebody needs to
actually code it.

Wikipedia already needs this sort of thing because of AOL IPs -- they
have similar characteristics to Tor, in that a single IP produces lots
of behavior, some good some bad. The two differences as I understand
them are that AOL will cancel user accounts if you complain loudly enough
(but there's constant tension here because in plenty of cases AOL decides
not to cancel the account, so Wikipedia has to deal some other way like
temporarily blocking the IP), and that it's not clear enough to the
Wikipedia operators that there *are* good Tor users.

(One might argue that it's hard for Wikipedia to change their perception
and learn about any good Tor uses, firstly because good users will
blend in and nobody will notice, and secondly because they've prevented
them all from editing so there are no data points either way.)

So I've been content to wait and watch things progress. Perhaps we will
find a volunteer who wants to help hack the mediawiki codebase to be more
authentication-friendly (or have more powerful blocking config options).
Perhaps we'll find a volunteer to help build the blind-signature
pseudonymous authenticated identity management infrastructure that Nick
refers to. Perhaps the Wikimedia operators will increasingly get a sense
that Tor has something to offer besides vandalism. (I presume this thread
re-surfaced because Tor users and operators are periodically telling
Wikipedia that they don't like being blocked.) Maybe we will come to
the point eventually that it makes sense to do something different than
blocking the Tor IP addresses from editing Wikipedia. (Which, we should
all remember compared the Gentoo forum situation, is a great step above
blocking them from both reading and writing.)

It could be that we never reach that point. Certain services on the
Internet (like some IRC networks) that are really prone to abuse are
probably doing the right thing by blocking all Tor users (and all AOL
users, and all open proxies, and ...). And we want to keep Tor easy
to block, or we're really going to start getting the other communities
angry at us.

In summary, I'm not too unhappy with the status quo for now. Tor needs
way more basic development / usability work still. In the absence of
actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve
the problem, I'm going to focus on continuing to make Tor better, so
down the road maybe we'll be able to see better answers.

--Roger

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Build Networking Skills - Seminar in D.C.

[Odetta Rogers]

Title: DiversityBusiness.Info | Seminar

Re: /. [How Chinese Evade Government's Web Controls]

[Peter Thoenen]

Chinese Web Controls and Tor ... a subject I happen to have close personal
experience with.  Just took a three week vacation to Dali, China and after
hitting the Great Firewall of China (tm), hopped over to the eff site,
downloaded tor and privoxy, and 10 minutes later was up and running bypassing
the supposed Great Firewall.  While I was at it, grabbed i2p and punched right
through also utilizing the i2p www proxy.

As much as folk want to rail against Tor for allowing malicious users to mask
their identity, it really does serve a higher purpose.  

As for the WSJ article, EFF or I2P really needs advertise better.  Why pay
local Chinese Internet Cafe owners when you can punch right through for free.

Re: [EMAIL PROTECTED]: Wikipedia & Tor]

[R.A. Hettinga]

Speaking of "pseudonymity"...

At 12:53 PM -0400 9/27/05, Somebody wrote:
>
>Argh! Not this again!

Yes, again, and I'll keep repeating it until you get it. :-).

>No, "anonymity" is "don't know who sent it".

For some definitions of "who". To paraphrase a famous sink-washing
president, it depends on "who" you mean by "who". :-)

>Examples are anonymizing
>remailers which give all incoming users the same outgoing name, or the
>Anonymous Coward comments in /. (Disregard for now details such as the
>/. admins being able to link an AC comment to an IP address.)

Fine. Ignore the output thereof as noise, it's probably safe to do so.
Though concordance programs are your friends. Behavior is biometric, after
all. The words you use give you away, and can be filtered accordingly. Ask
someone named Detweiller about that. Or, for that matter, Kaczynski. Or
your trading patterns in market. Just like your "fist", in telegraphy.


>"Perfect pseudonymity" is "can't tie it to meatspace".

See "who", above. Since we haven't quite gotten AI down just yet, that's
good enough for me, though I expect, like Genghis, and not True Names,
we'll figure out that "intelligence" is an emergent property of *active*
physical manifestation, and not a giant pile of data.

> Different
>communications from the same sender can be tied to each other.
>Examples include most of the free email services, and digitally
>signing a message sent through an anonymizer.

Yup. That's what I mean by reputation, if I take your meaning right.

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: [EMAIL PROTECTED]: Wikipedia & Tor]

[Roy M. Silvernail]

Quoting "R.A. Hettinga" <[EMAIL PROTECTED]>:

> At 8:43 AM -0700 9/27/05, James A. Donald wrote:
> >In the long run, reliable pseudonymity will prove more
> >valuable than reliable anonymity.
>
> Amen. And, at the extreme end of the curve, perfect psedudonymity *is*
> perfect anonymity.
>
> "Character. I wouldn't buy anything from a man with no character if he
> offered me all the bonds in Christendom."
>-- J. Pierpont Morgan, Testimony to Congress, 1913.
>
> Reputation is *everything* folks.

Damn good point.  Now that I think of it, all the classic examples of
"anonymous" publication were really pseudonymous.  (Publius, et al)
-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

Re: [EMAIL PROTECTED]: Wikipedia & Tor]

[R.A. Hettinga]

At 8:43 AM -0700 9/27/05, James A. Donald wrote:
>In the long run, reliable pseudonymity will prove more
>valuable than reliable anonymity.

Amen. And, at the extreme end of the curve, perfect psedudonymity *is*
perfect anonymity.

"Character. I wouldn't buy anything from a man with no character if he
offered me all the bonds in Christendom."
   -- J. Pierpont Morgan, Testimony to Congress, 1913.

Reputation is *everything* folks.

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

/. [How Chinese Evade Government's Web Controls]

[Eugen Leitl]

Link: http://slashdot.org/article.pl?sid=05/09/27/1235203
Posted by: CmdrTaco, on 2005-09-27 13:37:00

   [1]Carl Bialik from the WSJ writes "China is moving to 'centralize all
   China-based Web news and opinion under a state regulator,' the Wall
   Street Journal reports, but determined citizens have found a way out
   of previous restrictions in what has become a cat-and-mouse game:
   '[2]Many Chinese Internet users, dismissing what they call government
   scare tactics, find ways around censorship. The government requires
   users of cybercafs to register with their state-issued ID cards on
   each visit, but some users avoid cybercaf registration by paying off
   owners. In response, the government has installed video cameras in
   some cafs and shut others. ... While certain words such as "democracy"
   are banned in online chat rooms, China's Web users sometimes transmit
   sensitive information as images, or simply speak in code, inserting
   special characters such as underscoring into typing.' Also noteworthy
   is that major portals seem to be cooperating with authorities'
   restrictions: 'Insiders who work for the big portal sites say they are
   already in regular contact with authorities about forbidden topics,
   such as the outlawed Falun Gong religious group, which their teams of
   Web editors pull off bulletin boards.'"

References

   1. mailto:[EMAIL PROTECTED]
   2. 
http://online.wsj.com/public/article/0,,SB112777213097452525-zRQZ3S8IZkZDPMZNay0R6RUfXOw_20060926,00.html?mod=blogs

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Re: [EMAIL PROTECTED]: Wikipedia & Tor]

[James A. Donald]

--
From:   "Tyler Durden"
<[EMAIL PROTECTED]>
> A very subtle attack, perhaps? If I were so-and-so, I
> consider it a real coup to stop the kinds of
> legitimate Wikipedia entries that might be made from
> Tor users. And if this is the case, you can bet that
> there are other "obvious" targets that have been
> hammered through Tor.

In the long run, reliable pseudonymity will prove more
valuable than reliable anonymity.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 wE/La87xersBx39sShMCS6TkdqJr6DSYslVdXZkf
 4GY6BRCS/b8OBic0E/U36X+dc1UIs2oNAkWyXXCQB

Re: [EMAIL PROTECTED]: Wikipedia & Tor]

[Tyler Durden]

What's the problem here? The Wikipedia guy sees lots of garbage coming out 
of IP address set {X} so he blocks said address set. Somewhat regrettable 
but no suprise, is it?


On the other hand, doesn't it seem a little -odd- that the Tor network is 
already being "used" in this way? Granted, even I the great Tyler Durden was 
able to get a Tor client up-and-running, but I find it suspicious that this 
early wave of Tor users also happen to have a high % of vandals...something 
stinks.


A very subtle attack, perhaps? If I were so-and-so, I consider it a real 
coup to stop the kinds of legitimate Wikipedia entries that might be made 
from Tor users. And if this is the case, you can bet that there are other 
"obvious" targets that have been hammered through Tor.


In other words, someone said, "Two can play at this game."

-TD




From: "Roy M. Silvernail" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Wikipedia & Tor]
Date: Tue, 27 Sep 2005 10:02:09 -0400

Quoting Eugen Leitl <[EMAIL PROTECTED]>:

> - Forwarded message from Arrakis Tor <[EMAIL PROTECTED]> -

> This is a conversation with Jimmy Wales regarding how we can get
> Wikipedia to let Tor get through.

> I completely fail to comprehend why Tor server operators consistently
> refuse to take responsibility for their crazed users.

On one hand, this shows a deep misunderstanding of Tor and its purposes. On 
the
other, I remain disappointed in the number of vandals that take advantage 
of

Tor and other anonymizing services. On the gripping hand, perhaps the Wiki
philosophy is flawed.
--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

Re: [EMAIL PROTECTED]: Wikipedia & Tor]

[Roy M. Silvernail]

Quoting Eugen Leitl <[EMAIL PROTECTED]>:

> - Forwarded message from Arrakis Tor <[EMAIL PROTECTED]> -

> This is a conversation with Jimmy Wales regarding how we can get
> Wikipedia to let Tor get through.

> I completely fail to comprehend why Tor server operators consistently
> refuse to take responsibility for their crazed users.

On one hand, this shows a deep misunderstanding of Tor and its purposes. On the
other, I remain disappointed in the number of vandals that take advantage of
Tor and other anonymizing services. On the gripping hand, perhaps the Wiki
philosophy is flawed.
-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

IMPORTANT NOTIFICATION

[service]

 
 
Dear Minder Member,  
We have temporarily suspended your email account [EMAIL PROTECTED] 
This might be due to either of the following reasons:  
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Minder account. 
Sincerely,The Minder Support Team  
 
+++ Attachment: No Virus (Clean) 
+++ Minder Antivirus - www.minder.net 
 
 

[EMAIL PROTECTED]: Wikipedia & Tor]

[Eugen Leitl]

- Forwarded message from Arrakis Tor <[EMAIL PROTECTED]> -

From: Arrakis Tor <[EMAIL PROTECTED]>
Date: Tue, 27 Sep 2005 07:48:22 -0500
To: [EMAIL PROTECTED]
Subject: Wikipedia & Tor
Reply-To: [EMAIL PROTECTED]

This is a conversation with Jimmy Wales regarding how we can get
Wikipedia to let Tor get through.




> Anyone with a port 80 can vandalize your website.

Yes, but we notice that we can control a significant amount of vandalism
by blocking ip numbers which have proven to be particularly problematic.
 TOR servers are among the absolute worst.  And TOR operators don't seem
to care.

 We go to the trouble
> to  block  all  the  file  sharing clients, and often abused ports and
> protocols like IRC. Many of us typically block ports which do not have
> any  legitimate  reason for being used. If all it take is a port 80 to
> vandalize  the  wikipedia,  of which port 80 is a public service, then
> there  is  no point in discriminating against Tor users since every IP
> is an equal opportunity offender.

Equal *opportunity*, but we have very strong empirical evidence here.
TOR ip numbers are the worst offenders that we have seen.  People use
TOR specifically to hide their identity, specifically to vandalize
wikipedia.

> You say that tor is quite irresponsibly managed. How would you propose
> we manage tor servers differently?

Ban users who vandalize wikipedia.  That'd be a start.  Rate limit edits
at Wikipedia, that'd be good.  Write an extension to your software which
would help us to distinguish between "trusted" and "newbie" Tor clients.

I completely fail to comprehend why Tor server operators consistently
refuse to take responsibility for their crazed users.

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

You have successfully updated your password

[info]

 
 
Dear user cypherpunks,  
You have successfully updated the password of your Minder account. 
If you did not authorize this change or if you need assistance with your account, please contact Minder customer service at: [EMAIL PROTECTED] 
Thank you for using Minder! 
The Minder Support Team  
 
+++ Attachment: No Virus (Clean) 
+++ Minder Antivirus - www.minder.net 
 
 

[EMAIL PROTECTED]: RE: [p2p-hackers] Re: [rest-discuss] Re: RESTful authorization]

[Eugen Leitl]

- Forwarded message from Nick Lothian <[EMAIL PROTECTED]> -

From: Nick Lothian <[EMAIL PROTECTED]>
Date: Tue, 27 Sep 2005 11:05:31 +0930
To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Subject: RE: [p2p-hackers] Re: [rest-discuss] Re: RESTful authorization
Reply-To: "Peer-to-peer development." <[EMAIL PROTECTED]>

> 
> p2p-hackers, meet rest-discuss.  rest-discuss, I'd like to 
> introduce you to p2p-hackers.
> 
> RESTafarians: there is a long-running conversation on 
> p2p-hackers about friendnets, also known as darknets, small 
> world networks, and F2F networks; also capabilities security, 
> sometimes known as smart contracts.  An example thread begins 
> at http://zgp.org/pipermail/p2p-hackers/2005-August/002915.html 
> 
> p2p-hackers: Tyler Close' method for HTTP access control 
> using nothing but unguessable (and secret) URIs came up on 
> REST-discuss.  That thread begins at 
> http://groups.yahoo.com/group/rest-discuss/message/5228  In 
> the context of friendnets, Tyler's scheme is a beautifully 
> simple way of controlling access using nothing but low-tech 
> means.  Not only does it limit access to trusted parties, it 
> also allows for transitive relationships.  (Warning: his 
> scheme is counterintuitive, since the dependence on secret 
> URLs smells like security through obscurity).
> 

Interesting idea.

It may not be security via obscurity, but it does appear to ignore a
number of practical considerations.

For instance, what about the secret URL being passed on in referrer
headers to other pages? I think some browsers block it when you go from
a secure page to a non-secure page on another site (although I'm unsure
about that). The argument that users shouldn't put links to on a secured
page is more surprising than the things it is trying to avoid (to me
anyway).

OTOH, all browsers block HTTP authenticaion credentials from being
passed in the referrer header.

Nick
___
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
___
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature