Jimmy Wales proposed what he described as a "simple solution to the
problem of Tor users being unable to edit Wikipedia." Here it is:<br>
<br>
"trusted user -> tor cloud -> authentication server -> trusted tor cloud -> wikipedia"<br>
<br>
"untrusted user -> tor cloud -> authentication server -> untrusted tor cloud -> no wikipedia"<br>
<br>
David Benfell responded "So they want us to do their authentication for
them. Wrong answer." I think this points out exactly the
problem with Mr. Wales' proposal, but it's perhaps not clear to
everyone why.<br>
<br>
First, let me try to understand exactly what it is Mr. Wales is
proposing. Someone, presumably someone not affiliated directly
with Wikipedia, is supposed to run an "authentication server".
Presumably this authentication server will establish pseudonymous
accounts with some mechanism for authentication (for simplicity let's
say username/password). Some mechanism will be used to tie edits
made to Wikipedia to the account username, and upon complaints coming
from Wikipedia that account will be disabled. Now, since the
authentication server must not know the true identity of the trusted
user (since that would completely destroy the anonymity), there needs
to be a way for an untrusted user to become a trusted user. But
to limit abuse where a single person creates many accounts, some
mechanism must be implemented at the authentication server to throttle
the creation of new pseudonymous accounts.<br>
<br>
Let me now explain why the "trusted tor cloud" would be very difficult
to implement, as well as why it is essentially useless. The
difference between a "trusted user" and an "untrusted user" is specific
to the application. What Wikipedia considers bad behavior does
not coincide with what someone else might consider bad behavior.
While there might be some actions which are fairly universally accepted
as bad behavior, it is likely that Wikipedia will not accept merely
limiting these behaviors. What I'm saying in essense, is that the
"authentication server" would have to be geared specifically to
Wikipedia. For this reason, the trusted tor cloud would likely be
very small, and it would be quite simple to determine the location of
the authentication server. So you might as well remove the
"trusted tor cloud" completely, and simply have the authentication
server connect directly to Wikipedia.<br>
<br>
So now, we have "trusted user -> tor cloud -> authentication
server -> wikipedia". The Tor cloud between the authentication
server and Wikipedia was difficult to implement and essentially
useless, so we dropped it. Instead the authentication server
connects directly to Wikipedia using a single IP address. This
could be implemented without too much work on the part of Wikipedia,
they'd essentially only have to agree not to ban the IP address of the
authentication server (at least not for a very long period of time),
and to send information about any bad behavior to that server. In
theory you could even run it as a Tor hidden service, increasing the
anonymity (especially since Wikipedia doesn't offer https).<br>
<br>
If Wikipedia would agree to this, it wouldn't be too hard to set
up. But it would make the most sense for Wikipedia to run the
authentication server itself! Wikipedia already has pseudonymous
accounts set up, after all.<br>
<br>
To be clear, for those who aren't familiar with the way Wikipedia
implements blocking, users, even users that have established accounts
on Wikipedia for years, cannot edit Wikipedia if the IP address they
are using is blocked (even admins are blocked from editing, though they
are able to remove the IP block). There is a proposal on
Wikipedia to correct this, at
<a href="http://en.wikipedia.org/wiki/Wikipedia:Blocking_policy_proposal">http://en.wikipedia.org/wiki/Wikipedia:Blocking_policy_proposal</a> .
Almost everyone supports it, the only real question is what mechanism
to use to throttle/limit the creation of new accounts. It seems
to me that this is a good implementation of "trusted user -> tor
cloud -> authentication server -> wikipedia", where the
authentication server is run by Wikipedia itself. What would be a
good additional feature would be for Wikipedia to offer a Tor hidden
service to use to connect to Wikipedia. This is especially true
since Wikipedia passwords are passed in plaintext over http and thus
could be snooped by an exit node.<br>