Voting for nym

Jason Holt jason at lunkwill.org
Tue Dec 20 20:12:38 UTC 2005


On Thu, 1 Dec 2005, Roger Dingledine wrote:

> On Fri, Dec 02, 2005 at 12:51:21AM +0000, Jason Holt wrote:
>> Rather than the elected Wikipedia officials deciding on proposals directly,
>> the modus operandi seems to be to take a vote among the users.
>
> Hi Jason,
>
> Can you walk us through the trade-offs between the following two schemes?
>
> a) Adding the patch to MediaWiki and having Wikipedia track which certs
> are good and which are bad.
>
> b) Running an http proxy of your own somewhere that demands
> authentication via certs, and then allows proxying to Wikipedia?
>
> Option b seems to need some way for Wikipedia to tell you "who" caused
> abuse so you can remember that yourself, but on the other hand maybe
> it's easier for Wikipedia to handle?

There's no point in writing a proxy if it'll still require support on 
wikipedia's end.  To be zero-barrier, the proxy would have to:

* maintain a table of "nymuserXX" wikipedia logins

* automatically login to wikipedia using the one corresponding to the 
connecting nym user

* prevent the client from logging out or doing other things that would let 
them hide behind the nym proxy using anything other than their assigned 
pseudonym.


I'm not sure exactly how blocking registered users works; if we're lucky, 
misbehaving users would get their "nymuserXX" account blocked, but other nym 
users coming from the proxy would still be fine.  If we're not (and I think 
this is actually how it works), then once a user got blocked, the proxy's IP 
would also get blocked to keep the misbehaver from simply logging out and 
continuing to vandalize.  This would make the proxy quite useless.

Such a proxy would have a number of other significant drawbacks:

* whereas the existing MediaWiki patch provides cryptographically strong 
pseoudonymity with less than 20 lines of code, the proxy would run over http, 
where the "nymuserXX" logins could be sniffed and used by others (and subject 
to abuse by the proxy admin as well)

* it could easily turn out to be more complicated and bug-prone than the 
entire rest of the system

* the proxy would be a single point of failure

* making nym opt-out instead of opt-in increases the risk of wikipedia being 
impatient with abuse (and being more likely to block the proxy entirely)


I'm not sure what to do next with nym; my list post didn't garner a single 
response, and while the proposal page did get 5 "for" votes, it doesn't seem 
to be enough to spur the wikipedia community into action.  I don't personally 
use tor very often, so perhaps others could make a more impassioned argument 
to wikipedia.  Or perhaps we can start elsewhere to gain some practical 
experience with nym before we ask a huge site like wikipedia to hop on board.

The Gentoo wiki/forum (as well as a Knoppix site) uses MediaWiki, and somebody 
even asked here about using it through tor.  We could set up a tor-related 
MediaWiki with enforced pseudonymity (perhaps as a hidden service), and it 
might not be too hard to interface nym with other services (such as blogging 
software).

Mostly I'm waiting to see what people actually care about.

 						-J



More information about the tor-talk mailing list