Wikipedia and Tor - a solution in the works?

Sun Oct 30 23:15:06 UTC 2005

On Sat, Oct 29, 2005 at 09:57:34PM -0700, cyphrpunk wrote:
> On 10/29/05, Anthony DiPierro <or at inbox.org> wrote:
> >  So now, we have "trusted user -> tor cloud -> authentication server ->
> > wikipedia".  The Tor cloud between the authentication server and Wikipedia
> > was difficult to implement and essentially useless, so we dropped it.
> > Instead the authentication server connects directly to Wikipedia using a
> > single IP address.  This could be implemented without too much work on the
> > part of Wikipedia, they'd essentially only have to agree not to ban the IP
> > address of the authentication server (at least not for a very long period of
> > time), and to send information about any bad behavior to that server.  In
> > theory you could even run it as a Tor hidden service, increasing the
> > anonymity (especially since Wikipedia doesn't offer https).
> 
> I agree with this concept, but I think you are focusing too narrowly
> on Wikipedia.  The general case is:
> 
> trusted user -> tor cloud -> authentication server -> whatever
> 
> The point is, as Jimmy Wales notes, what constitutes abuse is not that
> different for Wikipedia than for other wikis, for blog spam, for email
> spam, and for many other services on the net. An authentication server
> that only allows trusted users through is a generally useful
> capability.

i am not sure who of us is most confused about how this should work.
the following may be completely obvious to everybody except me.  in
that case i'll just write it down for myself.  (-:

nym (and in any other IMHO reasonable architecture) is baesd on the
idea that a user provides some credential like an IP address or
(slightly more effective) an e-mail address that is hard to replicate
in huge amounts.

wikipedia does that, but the problem with that is that (a) tor nodes
are punished for routing troll traffic and (b) it simply doesn't work.

this is where nym comes in.  it hides the IP address from wikipedia,
replacing it with a token that is exactly as hard to obtain as an IP
address, but detached from the user's real identity.  the
authentication server knows which IP address gets a token, and that no
IP address gets more than one token, but doesn't know the mapping
between IP addresses and tokens.  wikipedia can only see tokens, but
no IP addresses (except those of tor nodes), but trusts the
authentication server not to issue several tokens to the same address.

if wikipedia is unhappy with a user, it bans that user's token (with
the same effect as banning an IP address if there was no tor network).
if a blog site is perfectly happy with that same user, that site
doesn't ban her token, and she can keep blogging like mad, until she
gets banned here, too.  the authentication server is not involved in
the punishment and excommunication on either site at all.  its only
job is to detach identifying and anonymous credentials in a way that
makes sybling attacks hard.

as i understand the architectures anthony and cypherpunk propose, it
doesn't have these properties.  nym does.

cheers,
m.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20051031/60a9feb1/attachment.pgp>