Re: [EMAIL PROTECTED]: Wikipedia Tor]
Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Re: [EMAIL PROTECTED]: Wikipedia Tor]
In many segments of the credit card insutry meatspace is also irrelevant. Anyone with a FICO greater than about 680 is almost certainly concered with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered. So for many, it's effectively been psuedonyms for years, though their psuedonyms happen to correspond to their true names. -TD From: John Kelsey [EMAIL PROTECTED] To: Roy M. Silvernail [EMAIL PROTECTED],R.A. Hettinga [EMAIL PROTECTED] CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00) Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Re: [EMAIL PROTECTED]: Wikipedia Tor]
In many segments of the credit card insutry meatspace is also irrelevant. Anyone with a FICO greater than about 680 is almost certainly concered with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered. So for many, it's effectively been psuedonyms for years, though their psuedonyms happen to correspond to their true names. -TD From: John Kelsey [EMAIL PROTECTED] To: Roy M. Silvernail [EMAIL PROTECTED],R.A. Hettinga [EMAIL PROTECTED] CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00) Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
On 29 Sep 2005 09:57:54 -0400, Tyler Durden wrote: One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6... -TD Walking away from TOR and Wikipedia implementations... Already, IPs have reputations associated with them and serve as pseudonyms. Blacklists are one example of this reputation being used or abused. In some distant future, with the switch to IPv6, there exists the potential for so many entities to have IPs that IPs will function as identities on a much broader scale. This will facilitate a great deal of reputation and trust being established on the basis of IPs with other measures, similar to the early days of the net but with a less open mentality. And, off on a tangent... (Since this was still in my shorter term memory after the NYC BSD Con a few weeks ago...) The general point of DKIM (http://mipassoc.org/dkim/index.html) is to have a sender domain mail server sign messages, and then a receiver domain mail server can query the public key for the sender domain and verify the signature. DKIM suggested that public keys be stored in DNS records for domains. While this storage could be per domain, it could also be per sub-domain, per end entities of a domain, etc. Given the driver to combat spam, you never know, something like this could happen in the next few years. Issues of the capabilities of the current DNS and DNS security infrastructure aside, we then have a universal public key distribution mechanism. So, IPs can be tied to domains, domains can be tied to public keys, sub-domains, or end entities, sub-domains can be tied to public keys or end entities, end entities can be tied to public keys, and so on and so forth. Reputations can be built, and there are lots of ways of establishing trust for keys as needed, be it simple PKI, web of trust, etc. It all seems more fluid than anything we have now. A lot could then happen for end users transparently, much like when they swipe a credit card. DKIM is just one example of that. -Andrew
[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from cyphrpunk [EMAIL PROTECTED] - From: cyphrpunk [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 16:44:37 -0700 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]] Reply-To: [EMAIL PROTECTED] One of the problems with the idea of a pseudonym service distinguishing between good and 'bad users is that it has no way on its own of telling the difference. The service manages pseudonyms, which are intended to be used out on the web in some way. But the service can't tell if people are playing nicely or not. The only way this could happen is if the service receives *complaints*. This is the only feedback mechanism possible. I gather that Tor does in fact send out complaints about people who misbehave. Perhaps blog services do so as well. One problem is that these complaints generally don't arrive in real time. It takes time for a human being to notice that some vandalism has occured and register a complaint. If the pseudonym service is going to be able to respond, it has to know which pseudonym was active at the time the bad actions occured. Jimmy Wales very accurately describes the problem with pseudonyms at the web-server level. If Wikipedia or blog comments require the use of pseudonyms, these can be linked after the fact. I am very sensitive to this problem myself. The implied solution is that the pseudonym service would maintain the pseudonyms, but would not reveal them to the web service. Rather, it would only provide a certificate that the pseudonym is currently in good standing, i.e. it has not received (too many) complaints. This implies that the pseudonym service must maintain a record of recently used pseudonyms, and have some way of mapping them to what the web services (which issue the complaints, services like Wikipedia) would have seen. This mapping might be by IP address, or if Wikipedia and other services are willing to do more, it could perhaps be an opaque identifier which the pseudonym service provided at the time the web service (Wikipedia) asked whether this pseudonym was a good guy or not. As a specific example, the pseudonym service might have replied, to a query from Wikipedia, Yes, this user is a good guy, and the sequence number of this reply is #1493002. Then later if abuse occured, Wikipedia (or the blog service, or other victim of vandalism) comes back and said we had a problem with the user who was certified with sequence number #1493002. The pseudonym server would map this back to the pseudonym in use at that time, and invalidate the pseudonym (or at least give it a bad mark, with enough such marks killing the nym). The main problems with this solution are first, it requires considerable manual work on the part of the pseudonym server, similar to the work necessary at an ISP to resolve complaints about users. It could be a full time job. And second, it requires custom software at Wikipedia and other web services that might be willing to work to implement such a solution. The second problem could be alleviated by the use of a related service, a web proxy that is only for good pseudonyms. The web proxy would provide transparent pass-through similar to anonymizer.com, but only for users who were able to provide the kind of certification described above, from the pseudonym server. In this way, the outgoing IP addresses belonging to the web proxy would be good from the POV of Wikipedia and other web services. Those services could continue to use IP blocking as one of their main tools for handling misuse, treating the web proxy service as being like an ISP. The web proxy service could be bundled with the pseudonym service, or they could exist independently. CP - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Quoting Bill Stewart [EMAIL PROTECTED]: One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. The problem I see with this is that it continues to train Wikipedia to use IP addresses as credentials. That's a Bad Thing IMHO. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
At 05:37 PM 9/27/2005, lists wrote: Tyler Durden wrote: Sorry...I don't understand...why would psuedonymity services be provided within Tor? I find the concept of having both pseudonymous and anonymous traffic through TOR quite interesting. In some cases, you really do wish to just TOR itself does not necessarily have to deal with this. There could be services flowing through TOR that provide this. However, TOR nodes implementing pseudonymous traffic for their own network seems more natural and easier to do. One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. The reason to use Tor mechanisms is to make connection potentially easier by reducing the number of mechanisms a client needs; the reason to use different IP addresses is for Wikipedia's convenience. It's mainly useful in environments where you can use private address space, so if you're running it on a Tor-friendly location as opposed to Wikipedia's rack space, you might want to tunnel it across the Internet through something other mechanism such as GRE/L2TP/IPSEC/etc.
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6... -TD
Re: Wikipedia Tor
That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. ..and ensure that all future Tor-originated Wikipedia entries are about anonymous payments and transactions... -TD
Re: Wikipedia Tor
But now we're back to the question: how can Tor be improved to deal with this very serious and important problem? What are the steps that might be taken, however imperfect, to reduce the amount of abuse coming from Tor nodes? That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Quoting Bill Stewart [EMAIL PROTECTED]: One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. The problem I see with this is that it continues to train Wikipedia to use IP addresses as credentials. That's a Bad Thing IMHO. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from Nick Mathewson [EMAIL PROTECTED] - From: Nick Mathewson [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 00:38:01 -0400 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]] User-Agent: Mutt/1.4.2.1i Reply-To: [EMAIL PROTECTED] Hi again, Jimmy! On Wed, Sep 28, 2005 at 06:57:37AM -0400, Jimmy Wales wrote: [...] I said no such thing. Tor servers exist for the sole purpose of aiding people who have a genuine need for privacy. Tor operators by and large are unhappy that Tor users can't edit Wikipedia, and are genuinely interested in exploring solutions, especially solutions which involve changes or enhancements to the Tor architecture which help solve the problem not just for Wikipedia but for _all_ internet services which desire to carefully balance a desire for privacy and openness against abuse. I think I've identified one of the reasons some people here are disturbed about your suggestions. When you talk about changing the Tor architecture, they think you mean changes to Tor that would require all users to have pseudonyms, or ostracize the users who didn't. When you say Tor should do X, they think you mean the Tor software should do X.{1} If that were what you meant, they would be right to be concerned. Pseudonymity is wrong for many users. Complicating the core Tor implementation would be bad. But these aren't your goals, if I understand correctly. Wikipedia doesn't ultimately care how Tor is implemented, or what it contains, so long as it is significantly less effective as a tool for Wikipedia abuse. Yes? This could be achieved, as some people fear, through modifying the core of Tor. But that isn't the only way to change matters. As discussed, introducing a separate pseudonymous authentication service (perhaps even an anonymous credential service, if we can find a way to do this without patent infringement) would serve just as well, and require no modifications to the Tor code. Users who didn't want to use such a service would be no worse off than they are today. Users who wanted to use Tor and edit Wikipedia at the same time could decide whether the implications of such a service were acceptable to them. {1} To be clear, I think that it's more accurate to talk about changes to the User/Tor/Wikipedia interaction, and to suggest a need for action by the Tor project and its supporters, than to talk about a need for changes in Tor's architecture, and a need for action by Tor. yrs, -- Nick Mathewson - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from David Benfell [EMAIL PROTECTED] - From: David Benfell [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 02:59:44 -0700 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]] User-Agent: Mutt/1.5.7i Reply-To: [EMAIL PROTECTED] On Thu, 29 Sep 2005 00:17:07 -0400, Nick Mathewson wrote: I assume that you're not just ignoring everybody else and replying only to what Jimmy says, right? There have been other posts here explaining why pseudonymity and Tor are not at odds, so long as pseudonymity is user selected. Pseudonyms are a separate problem from Tor. As someone posted, Tor does not prevent people from using pseudonyms. If pseudonyms will solve Wikipedia's problem, then fine; a good portion of this argument has been about Wikipedia's need for authentication. See my comments following your footnote. Wikipedia has user accounts and IP-based blocking. That's a kind of authentication. Wikipedia does not require you to use a user account to edit pages, and does not do much to ensure that user accounts belong to real people. That's a lack of authentication. Now why couldn't *he* say that? The man's involved with an encyclopedia project; he should be able to write. The way this particular aspect of our disagreement arose is that I accused him of wanting Tor to do his authentication for him. He claimed that Wikipedia does do its own authentication. Now you explain that Wikipedia does not *require* authentication. Which undermines the usefulness of offering authentication. It's like how Tor blocks some highly-abusable services, like SMTP on port 25, but doesn't do content filtering to try to hunt for abusive behavior on exiting streams. We filter out some abuse, but we can't filter out all abuse without turning off the network. An anti-Tor rhetorician could say, You filter abuse, but you don't filter abuse! But what would that prove? You are attempting to compare Tor's security policy to Wikipedia's security policy. Tor has a security policy. Tor's security policy is to protect originating IP addresses which might be connected to persons. We hope, in combination with Privoxy, it protects anonymity reasonably well. On the reasonable (I think) premise that other sites are primarily responsible for their own security, it only limits some abuse. Now, what is Wikipedia's security policy? With no authentication requirement, and a policy that allows anyone to edit (unless they're connecting from a blacklisted IP address), I might as well ask, What is truth? {1} This case is more commonly known, in the literature, as pseudonymous communication than anonymous communication. Then again, if you're going to invoke dictionaries in a technical discussion, anonymity becomes a very broad term. But Tor is about anonymity. Not about pseudonymity. Not about other forms of authentication. As it should be. From a communication perspective, anonymity has a very specific meaning. It means we cannot identify a person. Note that the failure to identify a person makes no reference to kind of identification. There need be no preference for real life names versus pseudonyms versus IP addresses versus whatever else you can think of. Anything that identifies a person contradicts the concept that this person is anonymous. This has practical implications. For instance, as someone pointed out, when the Chinese police raid a dissident's apartment, and search his hard drive, they are able to tie the pseudonym to a real life identity. If the police can also connect the pseudonym to what they consider crime, the distinction between a pseudonym and a real life name loses much of its value; hopefully, the pseudonym permitted the dissident to continue his activities for longer. Now, I will certainly agree, as someone else pointed out, that Tor should permit the use of pseudonyms or other forms of authentication. But the fact remains that any identification--as implied by authentication--contradicts anonymity; it is therefore something which Tor should not involve itself with. Simply put, it is not and cannot be Tor's problem. -- David Benfell, LCP [EMAIL PROTECTED] --- Resume available at http://www.parts-unknown.org/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from Jimmy Wales [EMAIL PROTECTED] - From: Jimmy Wales [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 07:40:41 -0400 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]] User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) Reply-To: [EMAIL PROTECTED] Nick Mathewson wrote: But these aren't your goals, if I understand correctly. Wikipedia doesn't ultimately care how Tor is implemented, or what it contains, so long as it is significantly less effective as a tool for Wikipedia abuse. Yes? That's right. I'm not an expert in Tor-ish matters, and so despite my strident manner at times, I am very happy to learn more and understand why some initial suggestion I might have has already been considered and rejected with good cause. And as an ongoing gesture of goodwill, let me explain _why_ I want Tor to be significantly less effective as a tool for Wikipedia abuse. It isn't because Tor is a threat to our work. One of the nice things about how Tor is implemented is that we can easily get a list of the exit servers and block them. Problem solved. No, the reason I am interested in exploring possibilities for reducing the abuse is not to protect wikipedia, but to make it possible for Tor's goals to be achieved more effectively. {1} To be clear, I think that it's more accurate to talk about changes to the User/Tor/Wikipedia interaction, and to suggest a need for action by the Tor project and its supporters, than to talk about a need for changes in Tor's architecture, and a need for action by Tor. Yes. The one thing I should caution against, though, is assuming that the right solution to the problem should involve anything complicated on the part of Wikipedia. We're willing to do whatever, but I'm also interested in how this problem can be solved more generally. In this way, tor servers can be allowed to post anonymously and in a hit-and-run fashion to blogs, for example. --Jimbo - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6... -TD
Re: Wikipedia Tor
That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. ...and ensure that all future Tor-originated Wikipedia entries are about anonymous payments and transactions... -TD
Re: Wikipedia Tor
But now we're back to the question: how can Tor be improved to deal with this very serious and important problem? What are the steps that might be taken, however imperfect, to reduce the amount of abuse coming from Tor nodes? That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com
[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from Jimmy Wales [EMAIL PROTECTED] - From: Jimmy Wales [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 19:50:52 -0400 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]] User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) Reply-To: [EMAIL PROTECTED] Eugen Leitl wrote: Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. So Wikipedia understands that the transport layer isn't to blame, yet they persist in asking for changes in the Tor transport to address the problem of malicious users? *groan* Actually, the transport layer *is* to blame. I don't know how much more clear I can be about it. Because Tor users are almost universally bad, because almost no good edits come out of the Tor network, we block them. Why is it that Tor users are so bad? The main reason is that the anonymity provides them with cover. AOL users are sort of bad, but not universally bad. Why is that? It is in part because of the way their transport layer is designed. That's not the perception they need to change. They need to realize that if an avenue for action without responsibility exists, someone will use it. We *do* realize that. That's exactly what I'm talking about. Tor provides an avenue for action without responsibility, and people do use it. Wikis get defaced all the time *without* AOL or Tor, because the philosophy allows anyone to edit. It is that philosophy that is in error, not the transport layers used by the vandals. If what you're saying is I think it is fine for Wikipedia to block Tor, then you really aren't contributing productively to this conversation. There are some facts we know: we can usefully reduce the amount of anonymous grief we get by blocking Tor exit servers. So, this is what we are currently doing. I consider this unfortunate, but there you go. We are not looking for a perfect solution. Yes, Wikis will be vandalized. We're prepared to deal with that, we do deal with that. But what I am seeking is some efforts to think usefully about how to helpfully reconcile our dual goals of openness and privacy. I don't say privacy is wrong, so Tor should change their philosophy. I make no apologies for simply ignoring you if you say that openness is wrong, so Wikipedia should change their philosophy. Roger gets it. The Wikipedians don't. What is it that we don't get? This thread started off because a Tor server complained to me about the blocking, and part of my response is that one beef I have is that some people in the Tor community seem very happy to simply stick their heads in the sand and pretend that Wikipedians don't get it. That's not helpful. --Jimbo - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from Jimmy Wales [EMAIL PROTECTED] - We are not looking for a perfect solution. Yes, Wikis will be vandalized. We're prepared to deal with that, we do deal with that. But what I am seeking is some efforts to think usefully about how to helpfully reconcile our dual goals of openness and privacy. Wikipedia should allow Tor users to register Wikipedia nyms. Then they could block: Tor users trying to edit without a nym; Tor users trying to edit with a nym that has a bad reputation; and they could rate-limit Tor users trying to edit with a nym that has insufficient history to be classified as good or bad; while not blocking Tor users trying to edit with a nym that has a good reputation. This will require some changes to the MediaWiki software that Wikipedia uses. AFAIK, there's currently no way to rate-limit nyms that have insufficient history, and blocks on IP addresses are currently all or nothing. --apb (Alan Barrett)
Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from Jimmy Wales [EMAIL PROTECTED] - From: Jimmy Wales [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 19:50:52 -0400 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]] User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) Reply-To: [EMAIL PROTECTED] So Wikipedia understands that the transport layer isn't to blame, yet they persist in asking for changes in the Tor transport to address the problem of malicious users? *groan* Actually, the transport layer *is* to blame. I don't know how much more clear I can be about it. Because Tor users are almost universally bad, because almost no good edits come out of the Tor network, we block them. This is getting close to the 'agree to disagree' point, but I'll go one more round. No, the transport layer is not to blame. The malicious users are to blame. The subset of Tor users abusing Wikipedia may be almost universally bad, but that is still a subset, and doesn't indight Tor itself. If what you're saying is I think it is fine for Wikipedia to block Tor, then you really aren't contributing productively to this conversation. There are some facts we know: we can usefully reduce the amount of anonymous grief we get by blocking Tor exit servers. So, this is what we are currently doing. I consider this unfortunate, but there you go. What I'm saying is that Tor is designed to provide anonymity, and does this fairly well. That anonymity is at odds with the social contract where it provides an avenue for malicious action without responsibility, but that fact is not the fault of the anonymity or its enablers; it is the fault of the bad actors. We are not looking for a perfect solution. Yes, Wikis will be vandalized. We're prepared to deal with that, we do deal with that. But what I am seeking is some efforts to think usefully about how to helpfully reconcile our dual goals of openness and privacy. I don't say privacy is wrong, so Tor should change their philosophy. I make no apologies for simply ignoring you if you say that openness is wrong, so Wikipedia should change their philosophy. I'm not saying openness is wrong. I'm saying it has its costs, which you obviously already recognize, and reducing those costs may require embracing a less-than-fully-open philosophy. That modification may include blocking Tor exit nodes, based on the behavior of bad actors. That's unfortunate, but expedient. But trying to force-fit pseudonymity on the Tor anonymity model is an attempt to shift your costs onto Tor. Roger gets it. The Wikipedians don't. What is it that we don't get? That Tor is working as designed, and that the problem with bad actors using its cloak is a problem with the actors themselves. As Bob Hettinga noted elsewhere, perfect pseudonymity *is* perfect anonymity. Arguably, perfect pseudonymity is a more useful construct, but it is a much harder problem than anonymity. And given that perfect pseudonyms are perfectly disposable, that still won't address the bad actor problem completely. Openness requires responsibility, and responsibility implies accountability, so the only perfect solution is 100% meatspace correlation to enable enforcement of the social contract. That might solve your vandalism problem, but it introduces other issues. This thread started off because a Tor server complained to me about the blocking, and part of my response is that one beef I have is that some people in the Tor community seem very happy to simply stick their heads in the sand and pretend that Wikipedians don't get it. That's not helpful. Those people are not sticking their heads in the sand. They're correctly noting that nothing is broken except the bad actors. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]]]
- Forwarded message from Jimmy Wales [EMAIL PROTECTED] - From: Jimmy Wales [EMAIL PROTECTED] Date: Wed, 28 Sep 2005 09:27:12 -0400 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) Reply-To: [EMAIL PROTECTED] Eugen Leitl wrote: What is it that we don't get? That Tor is working as designed, and that the problem with bad actors using its cloak is a problem with the actors themselves. Finally, we note that exit abuse must not be dismissed as a peripheral issue: when a system's public image suffers, it can reduce the number and diversity of that system's users, and thereby reduce the anonymity of the system itself. I'm pleased to report that the original design documents rightly agree with me that the it is in the interest of the longterm success of the Tor project that an attitude of throwing up our hands in defeat is not enough. Those people are not sticking their heads in the sand. They're correctly noting that nothing is broken except the bad actors. That *is* sticking their heads in the sand. Yes, we can lay moral blame on the bad actors. That's fine. Let's all stop typing for a minute or two and just _hate_ them for it. Ok, now we all feel better. :-) But now we're back to the question: how can Tor be improved to deal with this very serious and important problem? What are the steps that might be taken, however imperfect, to reduce the amount of abuse coming from Tor nodes? --Jimbo - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
Quoting Alan Barrett [EMAIL PROTECTED]: - Forwarded message from Jimmy Wales [EMAIL PROTECTED] - We are not looking for a perfect solution. Yes, Wikis will be vandalized. We're prepared to deal with that, we do deal with that. But what I am seeking is some efforts to think usefully about how to helpfully reconcile our dual goals of openness and privacy. Wikipedia should allow Tor users to register Wikipedia nyms. Then they could block: Tor users trying to edit without a nym; Tor users trying to edit with a nym that has a bad reputation; and they could rate-limit Tor users trying to edit with a nym that has insufficient history to be classified as good or bad; while not blocking Tor users trying to edit with a nym that has a good reputation. s/Tor/all/g This is an excellent summation, except that there is no compelling reason to treat Tor-carried traffic differently than any other traffic. Credentialing and reputation tracking are good ideas, and should be applied universally. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
[EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]]]
- Forwarded message from Geoffrey Goodell [EMAIL PROTECTED] - From: Geoffrey Goodell [EMAIL PROTECTED] Date: Wed, 28 Sep 2005 09:55:41 -0400 To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor User-Agent: Mutt/1.5.6+20040907i Reply-To: [EMAIL PROTECTED] On Wed, Sep 28, 2005 at 09:27:12AM -0400, Jimmy Wales wrote: But now we're back to the question: how can Tor be improved to deal with this very serious and important problem? What are the steps that might be taken, however imperfect, to reduce the amount of abuse coming from Tor nodes? I think that we can agree that there are short-term and long-term solutions to this problem. In the short-term, we can block Tor nodes by routing address and develop special mechanisms to allow Tor users to edit Wikipedia content anyway. We can do this either via some sort of indirection or via some sort of special change to Wikipedia itself, working around the limitations in Mediawiki. We can focus on the short-term for now. However, I think that most proponents of Tor believe that in the long-term, Wikipedia should support location-independent users. So we need a plan going forward, and this plan should be sufficiently general to apply to any location-independent users, not just users of Tor. I think that many of us hope that some day the Internet will be flat and routing information will be useless in tracking identity or reputation. This will be difficult to achieve, but it is certainly my hope. As such, I am loath to encourage the design of systems that require any form of access control at the network layer, and I believe that the right thing to do is avoid such temptation, even if software tools like Mediawiki appear to be designed with network-layer access control in mind. Geoff - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: Re: Wikipedia Tor]
- Forwarded message from Jimmy Wales [EMAIL PROTECTED] - From: Jimmy Wales [EMAIL PROTECTED] Date: Wed, 28 Sep 2005 11:00:58 -0400 To: [EMAIL PROTECTED] Cc: Paul Syverson [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) Reply-To: [EMAIL PROTECTED] Paul Syverson wrote: I want to emphasize a central aspect of my suggestion: The goal is not just to provide a filter for abusive posts, it's to change incentives. This is exactly the right approach! We can't know for sure without running the experiment, but my guess is that if abusive posts through Tor never succeed (OK perhaps virtually never), and if the process of posting through Tor informs posters of that fact, then Tor will become worth it for your admins. The abusers will disappear or greatly diminish because they will know from being warned, and if necessary from experience, that their attempts will fail. Posts through Tor will then mostly have value (in the sense of not being abusive in the ways that prompted this discussion.) I would say that even some fairly slight changes to the incentive structure may help a lot. The less desirable Tor is for problem users, the more they will shift to traditional broken open proxies. We can play whack-a-mole with these as we do now, while at the same time leaving Tor more open. Yes, I know (and I'm sure Jimmy knows) that this won't solve the longterm underlying issues. Abusive posters will just move on to another avenue than Tor. But I think it will be a quick, cheap, and big win for both Tor and Wikipedia. Yes, but I don't really mind them moving to other avenues. That's the point. If I didn't love Tor, I wouldn't care about blocking Tor either. Let them abuse broken proxy servers, let them do whatever, that's fine, we can deal with it. We just want to open up to Tor. Yes, as Marc Abel suggested you could implement passwords, pseudonyms, or hell ZKPs. But this is stepping onto the slippery slope of trying to solve the more longterm problem that using IP addresses in the way Wikipedia does is a temporarily useful kludge. (Kludges are great, but function creep is dangerous and can make for bigger problems in the long run.) Let me see if I can explain a bit more of the math behind this. I'm just going to make up a hypothetical example. Suppose 100 out of every 1,000,000 edits to Wikipedia is malicious. And suppose we study them and discover, hmm, 25 of them come from Tor, which is easily blockable. 50 of them come from static ips or dynamic ips that are expensive for users to get new. 25 of them are from broken proxies. Now, our present solution is to block Tor, do various things in other situations, and this works reasonably well. Of the 25 bad edits we block from Tor, some portion of them surely shift to other means, but not all of them. So we find it to be a net win. Except. Except we don't really like to block Tor. Now, fast forward, and imagine that the expensive ip situation goes away in a few years, either due to widespread onion routing, or whatever you may want to dream up that makes our temporary kludge of using ips no longer functional. Then we'll still only have 100 out of every 1,000,000 edits to Wikipedia as being malicious. How we'll deal with that is how we'll deal with that, but that's fine. We'll manage. For now the key thing to do is to shift the incentives on the bad users so that Tor is less desirable for them than playing with the broken proxies or just doing whatever with a dialup account or aol addresses or whatever. --Jimbo - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
At 05:37 PM 9/27/2005, lists wrote: Tyler Durden wrote: Sorry...I don't understand...why would psuedonymity services be provided within Tor? I find the concept of having both pseudonymous and anonymous traffic through TOR quite interesting. In some cases, you really do wish to just TOR itself does not necessarily have to deal with this. There could be services flowing through TOR that provide this. However, TOR nodes implementing pseudonymous traffic for their own network seems more natural and easier to do. One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. The reason to use Tor mechanisms is to make connection potentially easier by reducing the number of mechanisms a client needs; the reason to use different IP addresses is for Wikipedia's convenience. It's mainly useful in environments where you can use private address space, so if you're running it on a Tor-friendly location as opposed to Wikipedia's rack space, you might want to tunnel it across the Internet through something other mechanism such as GRE/L2TP/IPSEC/etc.
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Speaking of pseudonymity... At 12:53 PM -0400 9/27/05, Somebody wrote: Argh! Not this again! Yes, again, and I'll keep repeating it until you get it. :-). No, anonymity is don't know who sent it. For some definitions of who. To paraphrase a famous sink-washing president, it depends on who you mean by who. :-) Examples are anonymizing remailers which give all incoming users the same outgoing name, or the Anonymous Coward comments in /. (Disregard for now details such as the /. admins being able to link an AC comment to an IP address.) Fine. Ignore the output thereof as noise, it's probably safe to do so. Though concordance programs are your friends. Behavior is biometric, after all. The words you use give you away, and can be filtered accordingly. Ask someone named Detweiller about that. Or, for that matter, Kaczynski. Or your trading patterns in market. Just like your fist, in telegraphy. Perfect pseudonymity is can't tie it to meatspace. See who, above. Since we haven't quite gotten AI down just yet, that's good enough for me, though I expect, like Genghis, and not True Names, we'll figure out that intelligence is an emergent property of *active* physical manifestation, and not a giant pile of data. Different communications from the same sender can be tied to each other. Examples include most of the free email services, and digitally signing a message sent through an anonymizer. Yup. That's what I mean by reputation, if I take your meaning right. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Quoting R.A. Hettinga [EMAIL PROTECTED]: At 8:43 AM -0700 9/27/05, James A. Donald wrote: In the long run, reliable pseudonymity will prove more valuable than reliable anonymity. Amen. And, at the extreme end of the curve, perfect psedudonymity *is* perfect anonymity. Character. I wouldn't buy anything from a man with no character if he offered me all the bonds in Christendom. -- J. Pierpont Morgan, Testimony to Congress, 1913. Reputation is *everything* folks. Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
At 8:37 PM -0400 9/27/05, lists wrote: Building a TOR nymspace would be much more interesting and distributed. Since the first time I met Dingledine, he was talking pseudonymity, bigtime. I was curious when he went to play with onion routers, but maybe I'm not so surprised anymore... Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Tyler Durden wrote: Sorry...I don't understand...why would psuedonymity services be provided within Tor? I find the concept of having both pseudonymous and anonymous traffic through TOR quite interesting. In some cases, you really do wish to just separate yourself from your meatspace identity but you may want the reputation of a bitspace identity; in other cases, you want to completely separate yourself from any identity. There are audited anonymizers that provide a form of pseudonymity, in that, they know who you are and can regulate your behavior accordingly. These are generally in the commercial space. Building a TOR nymspace would be much more interesting and distributed. TOR itself does not necessarily have to deal with this. There could be services flowing through TOR that provide this. However, TOR nodes implementing pseudonymous traffic for their own network seems more natural and easier to do. Entry/exit nodes, some nodes, all nodes, or whatever subset makes the most sense could then authenticate pseudonymous traffic and determine capabilities based on things like reputation. But, that was not a why. Anonymity has the property of removing responsibility from the actor for their actions, which is not always a good thing. I am sure TOR exit nodes are hit with the responsibility for those actors, which can lead to the end of exit nodes. At a minimum, pseudonymity can provide a degree of responsibility through reputation. Exit nodes could support either pseudo or anon, or both, depending on beliefs, risks, etc. Also, users could select anon or pseudo as needed. I like choice. Anyway, that is a why and an interesting topic, but TOR has other things to focus on. -Andrew
[EMAIL PROTECTED]: Re: Wikipedia Tor]
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 15:54:38 -0400 To: [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone? No. Cf. http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to see better answers. --Roger - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
[yes, I know I'm preaching to the choir] - Forwarded message from Roger Dingledine [EMAIL PROTECTED] - A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. A non-good idea, as it goes against what Tor is all about. The problem to be overcome here really has nothing to do with Tor, as such. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. So Wikipedia understands that the transport layer isn't to blame, yet they persist in asking for changes in the Tor transport to address the problem of malicious users? *groan* (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) That's not the perception they need to change. They need to realize that if an avenue for action without responsibility exists, someone will use it. Wikis get defaced all the time *without* AOL or Tor, because the philosophy allows anyone to edit. It is that philosophy that is in error, not the transport layers used by the vandals. Wiki, as someone mentioned to me in a private mail, is the SMTP of web publishing; it doesn't scale well in the presence of large concentrations of assholes. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to see better answers. Roger gets it. The Wikipedians don't. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
Quoting Alan Barrett [EMAIL PROTECTED]: - Forwarded message from Jimmy Wales [EMAIL PROTECTED] - We are not looking for a perfect solution. Yes, Wikis will be vandalized. We're prepared to deal with that, we do deal with that. But what I am seeking is some efforts to think usefully about how to helpfully reconcile our dual goals of openness and privacy. Wikipedia should allow Tor users to register Wikipedia nyms. Then they could block: Tor users trying to edit without a nym; Tor users trying to edit with a nym that has a bad reputation; and they could rate-limit Tor users trying to edit with a nym that has insufficient history to be classified as good or bad; while not blocking Tor users trying to edit with a nym that has a good reputation. s/Tor/all/g This is an excellent summation, except that there is no compelling reason to treat Tor-carried traffic differently than any other traffic. Credentialing and reputation tracking are good ideas, and should be applied universally. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
RE: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Sorry...I don't understand...why would psuedonymity services be provided within Tor? An external reputation/psuedonymity server would of course reduce a Tor users' anonymity to mere psuedonymity, but I don't see how it would do anything more, and who cares? If Wikipedia (or anyone) doesn't want to interact with the truly anonymous (as opposed to psuedonymous), then ah well. Solution: Wait and do nothing until someone (commericially) provides such services. Am I punchdrunk or stating the obvious? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Wikipedia Tor] Date: Tue, 27 Sep 2005 21:57:50 +0200 - Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 15:54:38 -0400 To: [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone? No. Cf. http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able
Re: [EMAIL PROTECTED]: Wikipedia Tor]
-- From: Tyler Durden [EMAIL PROTECTED] A very subtle attack, perhaps? If I were so-and-so, I consider it a real coup to stop the kinds of legitimate Wikipedia entries that might be made from Tor users. And if this is the case, you can bet that there are other obvious targets that have been hammered through Tor. In the long run, reliable pseudonymity will prove more valuable than reliable anonymity. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG wE/La87xersBx39sShMCS6TkdqJr6DSYslVdXZkf 4GY6BRCS/b8OBic0E/U36X+dc1UIs2oNAkWyXXCQB
Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]]]
- Forwarded message from Jimmy Wales [EMAIL PROTECTED] - We are not looking for a perfect solution. Yes, Wikis will be vandalized. We're prepared to deal with that, we do deal with that. But what I am seeking is some efforts to think usefully about how to helpfully reconcile our dual goals of openness and privacy. Wikipedia should allow Tor users to register Wikipedia nyms. Then they could block: Tor users trying to edit without a nym; Tor users trying to edit with a nym that has a bad reputation; and they could rate-limit Tor users trying to edit with a nym that has insufficient history to be classified as good or bad; while not blocking Tor users trying to edit with a nym that has a good reputation. This will require some changes to the MediaWiki software that Wikipedia uses. AFAIK, there's currently no way to rate-limit nyms that have insufficient history, and blocks on IP addresses are currently all or nothing. --apb (Alan Barrett)
[EMAIL PROTECTED]: Wikipedia Tor]
- Forwarded message from Arrakis Tor [EMAIL PROTECTED] - From: Arrakis Tor [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 07:48:22 -0500 To: [EMAIL PROTECTED] Subject: Wikipedia Tor Reply-To: [EMAIL PROTECTED] This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. Anyone with a port 80 can vandalize your website. Yes, but we notice that we can control a significant amount of vandalism by blocking ip numbers which have proven to be particularly problematic. TOR servers are among the absolute worst. And TOR operators don't seem to care. We go to the trouble to block all the file sharing clients, and often abused ports and protocols like IRC. Many of us typically block ports which do not have any legitimate reason for being used. If all it take is a port 80 to vandalize the wikipedia, of which port 80 is a public service, then there is no point in discriminating against Tor users since every IP is an equal opportunity offender. Equal *opportunity*, but we have very strong empirical evidence here. TOR ip numbers are the worst offenders that we have seen. People use TOR specifically to hide their identity, specifically to vandalize wikipedia. You say that tor is quite irresponsibly managed. How would you propose we manage tor servers differently? Ban users who vandalize wikipedia. That'd be a start. Rate limit edits at Wikipedia, that'd be good. Write an extension to your software which would help us to distinguish between trusted and newbie Tor clients. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Quoting Eugen Leitl [EMAIL PROTECTED]: - Forwarded message from Arrakis Tor [EMAIL PROTECTED] - This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. On one hand, this shows a deep misunderstanding of Tor and its purposes. On the other, I remain disappointed in the number of vandals that take advantage of Tor and other anonymizing services. On the gripping hand, perhaps the Wiki philosophy is flawed. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [EMAIL PROTECTED]: Wikipedia Tor]
What's the problem here? The Wikipedia guy sees lots of garbage coming out of IP address set {X} so he blocks said address set. Somewhat regrettable but no suprise, is it? On the other hand, doesn't it seem a little -odd- that the Tor network is already being used in this way? Granted, even I the great Tyler Durden was able to get a Tor client up-and-running, but I find it suspicious that this early wave of Tor users also happen to have a high % of vandals...something stinks. A very subtle attack, perhaps? If I were so-and-so, I consider it a real coup to stop the kinds of legitimate Wikipedia entries that might be made from Tor users. And if this is the case, you can bet that there are other obvious targets that have been hammered through Tor. In other words, someone said, Two can play at this game. -TD From: Roy M. Silvernail [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Tue, 27 Sep 2005 10:02:09 -0400 Quoting Eugen Leitl [EMAIL PROTECTED]: - Forwarded message from Arrakis Tor [EMAIL PROTECTED] - This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. On one hand, this shows a deep misunderstanding of Tor and its purposes. On the other, I remain disappointed in the number of vandals that take advantage of Tor and other anonymizing services. On the gripping hand, perhaps the Wiki philosophy is flawed. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [EMAIL PROTECTED]: Wikipedia Tor]
-- From: Tyler Durden [EMAIL PROTECTED] A very subtle attack, perhaps? If I were so-and-so, I consider it a real coup to stop the kinds of legitimate Wikipedia entries that might be made from Tor users. And if this is the case, you can bet that there are other obvious targets that have been hammered through Tor. In the long run, reliable pseudonymity will prove more valuable than reliable anonymity. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG wE/La87xersBx39sShMCS6TkdqJr6DSYslVdXZkf 4GY6BRCS/b8OBic0E/U36X+dc1UIs2oNAkWyXXCQB
Re: [EMAIL PROTECTED]: Wikipedia Tor]
At 8:43 AM -0700 9/27/05, James A. Donald wrote: In the long run, reliable pseudonymity will prove more valuable than reliable anonymity. Amen. And, at the extreme end of the curve, perfect psedudonymity *is* perfect anonymity. Character. I wouldn't buy anything from a man with no character if he offered me all the bonds in Christendom. -- J. Pierpont Morgan, Testimony to Congress, 1913. Reputation is *everything* folks. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Quoting R.A. Hettinga [EMAIL PROTECTED]: At 8:43 AM -0700 9/27/05, James A. Donald wrote: In the long run, reliable pseudonymity will prove more valuable than reliable anonymity. Amen. And, at the extreme end of the curve, perfect psedudonymity *is* perfect anonymity. Character. I wouldn't buy anything from a man with no character if he offered me all the bonds in Christendom. -- J. Pierpont Morgan, Testimony to Congress, 1913. Reputation is *everything* folks. Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Speaking of pseudonymity... At 12:53 PM -0400 9/27/05, Somebody wrote: Argh! Not this again! Yes, again, and I'll keep repeating it until you get it. :-). No, anonymity is don't know who sent it. For some definitions of who. To paraphrase a famous sink-washing president, it depends on who you mean by who. :-) Examples are anonymizing remailers which give all incoming users the same outgoing name, or the Anonymous Coward comments in /. (Disregard for now details such as the /. admins being able to link an AC comment to an IP address.) Fine. Ignore the output thereof as noise, it's probably safe to do so. Though concordance programs are your friends. Behavior is biometric, after all. The words you use give you away, and can be filtered accordingly. Ask someone named Detweiller about that. Or, for that matter, Kaczynski. Or your trading patterns in market. Just like your fist, in telegraphy. Perfect pseudonymity is can't tie it to meatspace. See who, above. Since we haven't quite gotten AI down just yet, that's good enough for me, though I expect, like Genghis, and not True Names, we'll figure out that intelligence is an emergent property of *active* physical manifestation, and not a giant pile of data. Different communications from the same sender can be tied to each other. Examples include most of the free email services, and digitally signing a message sent through an anonymizer. Yup. That's what I mean by reputation, if I take your meaning right. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
[EMAIL PROTECTED]: Re: Wikipedia Tor]
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 15:54:38 -0400 To: [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone? No. Cf. http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to see better answers. --Roger - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
[yes, I know I'm preaching to the choir] - Forwarded message from Roger Dingledine [EMAIL PROTECTED] - A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. A non-good idea, as it goes against what Tor is all about. The problem to be overcome here really has nothing to do with Tor, as such. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. So Wikipedia understands that the transport layer isn't to blame, yet they persist in asking for changes in the Tor transport to address the problem of malicious users? *groan* (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) That's not the perception they need to change. They need to realize that if an avenue for action without responsibility exists, someone will use it. Wikis get defaced all the time *without* AOL or Tor, because the philosophy allows anyone to edit. It is that philosophy that is in error, not the transport layers used by the vandals. Wiki, as someone mentioned to me in a private mail, is the SMTP of web publishing; it doesn't scale well in the presence of large concentrations of assholes. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to see better answers. Roger gets it. The Wikipedians don't. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
RE: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Sorry...I don't understand...why would psuedonymity services be provided within Tor? An external reputation/psuedonymity server would of course reduce a Tor users' anonymity to mere psuedonymity, but I don't see how it would do anything more, and who cares? If Wikipedia (or anyone) doesn't want to interact with the truly anonymous (as opposed to psuedonymous), then ah well. Solution: Wait and do nothing until someone (commericially) provides such services. Am I punchdrunk or stating the obvious? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Wikipedia Tor] Date: Tue, 27 Sep 2005 21:57:50 +0200 - Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 15:54:38 -0400 To: [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone? No. Cf. http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Tyler Durden wrote: Sorry...I don't understand...why would psuedonymity services be provided within Tor? I find the concept of having both pseudonymous and anonymous traffic through TOR quite interesting. In some cases, you really do wish to just separate yourself from your meatspace identity but you may want the reputation of a bitspace identity; in other cases, you want to completely separate yourself from any identity. There are audited anonymizers that provide a form of pseudonymity, in that, they know who you are and can regulate your behavior accordingly. These are generally in the commercial space. Building a TOR nymspace would be much more interesting and distributed. TOR itself does not necessarily have to deal with this. There could be services flowing through TOR that provide this. However, TOR nodes implementing pseudonymous traffic for their own network seems more natural and easier to do. Entry/exit nodes, some nodes, all nodes, or whatever subset makes the most sense could then authenticate pseudonymous traffic and determine capabilities based on things like reputation. But, that was not a why. Anonymity has the property of removing responsibility from the actor for their actions, which is not always a good thing. I am sure TOR exit nodes are hit with the responsibility for those actors, which can lead to the end of exit nodes. At a minimum, pseudonymity can provide a degree of responsibility through reputation. Exit nodes could support either pseudo or anon, or both, depending on beliefs, risks, etc. Also, users could select anon or pseudo as needed. I like choice. Anyway, that is a why and an interesting topic, but TOR has other things to focus on. -Andrew
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
At 8:37 PM -0400 9/27/05, lists wrote: Building a TOR nymspace would be much more interesting and distributed. Since the first time I met Dingledine, he was talking pseudonymity, bigtime. I was curious when he went to play with onion routers, but maybe I'm not so surprised anymore... Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Quoting Eugen Leitl [EMAIL PROTECTED]: - Forwarded message from Arrakis Tor [EMAIL PROTECTED] - This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. On one hand, this shows a deep misunderstanding of Tor and its purposes. On the other, I remain disappointed in the number of vandals that take advantage of Tor and other anonymizing services. On the gripping hand, perhaps the Wiki philosophy is flawed. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
[EMAIL PROTECTED]: Wikipedia Tor]
- Forwarded message from Arrakis Tor [EMAIL PROTECTED] - From: Arrakis Tor [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 07:48:22 -0500 To: [EMAIL PROTECTED] Subject: Wikipedia Tor Reply-To: [EMAIL PROTECTED] This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. Anyone with a port 80 can vandalize your website. Yes, but we notice that we can control a significant amount of vandalism by blocking ip numbers which have proven to be particularly problematic. TOR servers are among the absolute worst. And TOR operators don't seem to care. We go to the trouble to block all the file sharing clients, and often abused ports and protocols like IRC. Many of us typically block ports which do not have any legitimate reason for being used. If all it take is a port 80 to vandalize the wikipedia, of which port 80 is a public service, then there is no point in discriminating against Tor users since every IP is an equal opportunity offender. Equal *opportunity*, but we have very strong empirical evidence here. TOR ip numbers are the worst offenders that we have seen. People use TOR specifically to hide their identity, specifically to vandalize wikipedia. You say that tor is quite irresponsibly managed. How would you propose we manage tor servers differently? Ban users who vandalize wikipedia. That'd be a start. Rate limit edits at Wikipedia, that'd be good. Write an extension to your software which would help us to distinguish between trusted and newbie Tor clients. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Re: [EMAIL PROTECTED]: Wikipedia Tor]
What's the problem here? The Wikipedia guy sees lots of garbage coming out of IP address set {X} so he blocks said address set. Somewhat regrettable but no suprise, is it? On the other hand, doesn't it seem a little -odd- that the Tor network is already being used in this way? Granted, even I the great Tyler Durden was able to get a Tor client up-and-running, but I find it suspicious that this early wave of Tor users also happen to have a high % of vandals...something stinks. A very subtle attack, perhaps? If I were so-and-so, I consider it a real coup to stop the kinds of legitimate Wikipedia entries that might be made from Tor users. And if this is the case, you can bet that there are other obvious targets that have been hammered through Tor. In other words, someone said, Two can play at this game. -TD From: Roy M. Silvernail [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Tue, 27 Sep 2005 10:02:09 -0400 Quoting Eugen Leitl [EMAIL PROTECTED]: - Forwarded message from Arrakis Tor [EMAIL PROTECTED] - This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. On one hand, this shows a deep misunderstanding of Tor and its purposes. On the other, I remain disappointed in the number of vandals that take advantage of Tor and other anonymizing services. On the gripping hand, perhaps the Wiki philosophy is flawed. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com