Wikipedia and Tor - a solution in the works?

[Anthony DiPierro]

On 10/30/05, Matthias Fischmann <fis at wiwi.hu-berlin.de> wrote:

> this is where nym comes in. it hides the IP address from wikipedia,
> replacing it with a token that is exactly as hard to obtain as an IP
> address, but detached from the user's real identity. the
> authentication server knows which IP address gets a token, and that no
> IP address gets more than one token, but doesn't know the mapping
> between IP addresses and tokens. wikipedia can only see tokens, but
> no IP addresses (except those of tor nodes), but trusts the
> authentication server not to issue several tokens to the same address.


I don't really see how nym provides the security that was talked about by
Mr. Wales, with the authentication server and the trusted cloud. It is
really an entirely different solution. But more importantly, nym, as I
understand it, doesn't provide the same security as using the IP address
directly. Nym doesn't provide you with a token showing that have a unique IP
address, it provides you with a token showing that - at some point in the
past - you had a unique IP address.

I'm not sure when, if ever, tokens and certificates are supposed to expire,
but between expirations if you happen to be using an IP address which was
used by someone else to obtain a token (or, furthermore, if you simply have
lost the certificate you obtained for yourself), then you can't obtain a
token, and therefore can't obtian a certificate. Furthermore, it would be
rather trivial for anyone on an account which uses dynamic IP addresses to
build up a huge assortment of valid certificates, which could be used later
if one of them becomes invalid, and in fact such selfish behavior would
inherently destroy the system, as major ISPs would have a scarce supply of
tokens available.

Finally, the anonymity only increases as more people use the system (and in
fact would be completely unacceptable for anything but the most trivial of
protections without a significant number of users), and usability decreases
as more people use the system (for the reasons above).

I'm not even going to even get into what would happen if someone manages to
spoof IP addresses to the token server. This is arguably a problem with
Wikipedia's current system anyway, though on a more temporary basis. Same
thing with IPv6.

if wikipedia is unhappy with a user, it bans that user's token (with
> the same effect as banning an IP address if there was no tor network).


Effectively banning the IP address *forever*. Yes, you could add an
expiration on the certificate to allow someone to obtain a new token after a
certain period of time, but the shorter you make the period of time, the
less the anonymity you're providing (and the less useful the block).

Anthony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20051031/c8dc5fac/attachment.htm>