Wikipedia and Tor - a solution in the works?

loki tiwaz loki_tiwaz at hotmail.com
Mon Oct 31 13:19:15 UTC 2005 

as i explained simply in my previous post, all of this is nonsense, much too 
much complexity. we are covering old ground that sites such as hotmail and 
yahoo have dealt with long ago, and the strategies they use are effective, 
although they could easily be tightened up for preventing abuse from any 
kind of anonymity proxy system. blind signed certificates and external 
authentication servers add a lot of complexity and complexity in security 
systems does not equal extra security, it just means more holes you can 
jimmy (having spent some time as a young man getting up to mischief 
unlocking things that i wasn't supposed to get into, i learned one thing: 
security is only as strong as the weakest link in the chain - if the janitor 
forgets to lock all the windows you might as well not even have locks on the 
doors).


>From: cyphrpunk <cyphrpunk at gmail.com>
>Reply-To: or-talk at freehaven.net
>To: or-talk at freehaven.net
>Subject: Re: Wikipedia and Tor - a solution in the works?
>Date: Sat, 29 Oct 2005 21:57:34 -0700
>
>On 10/29/05, Anthony DiPierro <or at inbox.org> wrote:
> >  So now, we have "trusted user -> tor cloud -> authentication server ->
> > wikipedia".  The Tor cloud between the authentication server and 
>Wikipedia
> > was difficult to implement and essentially useless, so we dropped it.
> > Instead the authentication server connects directly to Wikipedia using a
> > single IP address.  This could be implemented without too much work on 
>the
> > part of Wikipedia, they'd essentially only have to agree not to ban the 
>IP
> > address of the authentication server (at least not for a very long 
>period of
> > time), and to send information about any bad behavior to that server.  
>In
> > theory you could even run it as a Tor hidden service, increasing the
> > anonymity (especially since Wikipedia doesn't offer https).
>
>I agree with this concept, but I think you are focusing too narrowly
>on Wikipedia.  The general case is:
>
>trusted user -> tor cloud -> authentication server -> whatever
>
>The point is, as Jimmy Wales notes, what constitutes abuse is not that
>different for Wikipedia than for other wikis, for blog spam, for email
>spam, and for many other services on the net. An authentication server
>that only allows trusted users through is a generally useful
>capability.
>
>I am working on software to provide this service. It is slow going due
>to the complexity, but I will hopefully have something working in a
>few weeks. Here is a brief description.
>
>The authentication server can be thought of as a proxy which only
>serves a set of "customers in good standing". Like a Tor exit server,
>it applies its own policies to filter outbound connections to whatever
>the server operator thinks is appropriate. However the main point of
>the proxy server is to accept anonymous connections outbound from Tor
>(or any similar anonymity service), to verify that they are associated
>with good customers, and to pass them on. In this way, anonymous users
>can still access sites that block Tor exit nodes and those of other
>anonymity services.
>
>Although connections through the authentication server are anonymous,
>cryptography is used to associate each connection with a unique
>identifier. If the authentication server gets a report back of bad
>behavior by one of its customers, the identifier in use at the time of
>the abuse can be put on a blacklist. More crypto allows each user to
>prove that he is not on the blacklist, while still retaining his
>anonymity. Keeping the multiple uses of the authentication server
>unlinkable provides an important element of privacy. Otherwise the
>authentication server could build up profiles about the places which
>each nym likes to visit, and possibly correlate that with the use of
>various pseudonyms on the net.
>
>The result is that the authentication server is something like an
>"anonymous ISP" in terms of having a set of customers that go through
>the server, and being responsible for cancelling the accounts of
>customers who misbehave. Because it is responsive to complaints from
>services on the net, the authentication server should be able to avoid
>being blocked and can maintain the ability for good customers to
>continue to be first class users of the net even while being
>anonymous.
>
>The details are beyond the scope of this note, but the idea is similar
>to the mechanism used by Jason Holt in his nym software. Users would
>register for the service via some mechanism that makes it expensive.
>Perhaps this involves using their real names and/or email addresses,
>or maybe it could even cost money. On this basis they get what is
>essentially a blind signature, although the technology is not based on
>Chaum. They can then show this signature anonymously and unlinkably to
>other showings (this is where it goes beyond Chaum). At the same time
>they commit to their signed value and are able to prove that their
>commitment is different from any of those on the blacklist.
>
>Running the authentication server will take a certain amount of
>commitment on the part of the operator. He must respond to complaints
>fairly and expeditiously, and maintain the blacklist. He needs to set
>his policies for exit connections, and for how to make it expensive to
>create new accounts. It would nevertheless be a highly useful service
>for anonymous users and would therefore increase the spread of
>anonymity.
>
>CP

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

More information about the tor-talk mailing list