Wikipedia & Tor

Paul Syverson syverson at itd.nrl.navy.mil
Tue Sep 27 15:18:31 UTC 2005


On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote:
> everyone is so worried about it, but has any one ever been successfully been
> able to use tor to effectively spam anyone?
> 

No. Cf.
http://tor.eff.org/faq-abuse.html#WhatAboutSpammers

I share frustrations that the statements attributed to Jimmy Wales in
the record below and in previous messages seem to show some fundamental
misunderstandings and willful ignorance of Tor, and more broadly of
identity, identifiers, reputation, authentication, etc. in open
network communications.

But, it's easy to misread both content and intent from terse email
excerpts.  As we said in the "Challenges" paper, besides their
short-term focus and limited effectiveness, IP address blacklists
constitute "a loss for both Tor and Wikipedia: we don't want to
compete for (or divvy up) the NAT-protected entities of the world."

A potential for cooperation is the proposal below for authenticated
access to Wikipedia through Tor. I will not speak to any particular
design here, but if Wikipedia has a notion of clients trusted to post
to Wikipedia, it should be possible to work with them to have an
authentication server that controls access to Wikipedia through Tor.
This would limit the type of anonymity that such posts could have,
probably pseudonymous at best, but it would be doable. A win for
everyone.

aloha,
Paul

> On 9/27/05, Arrakis Tor <arrakistor at gmail.com> wrote:
> >
> > Here is a further text with Jimmy
> > -------------------------------------------------
> >
> > > If we start to use code to monitor what websites people are visiting,
> > > in order to block them or whatnot, this might be a violation on Tor's
> > > principle.
> >
> > Is spam a principle of Tor? Is damage to volunteer efforts a principle
> > of Tor?
> >
> > > I do not think trusted or newbie Tor clients will ever be implemented,
> > > as it is important that we do not know who is using our servers so we
> > > cannot disclose it to those who would abuse the information.
> >
> >
> > end user -> tor cloud -> authentication server -> trusted user tor cloud
> > -> wikipedia
> >
> > end user -> tor cloud -> authentication server -> untrusted user tor
> > cloud -> no wikipedia
> >
> > Simple.
> >
> > > I'll definitely speak with the developers and see what we can come up
> > > with. There may be a type of security protocol that I am unaware of
> > > that might work. I'm certainly not interested in helping people
> > > vandalize. My specific hope is I'm helping a Chinese dissident who
> > > would otherwise be arrested for saying or observing ideas online.
> >
> > Mine too. But the current design of Tor makes this impossible -- people
> > will block Tor because it is abusive. So your Chinese dissident will
> > not be able to use Tor to edit Wikipedia, because the Chinese spammer
> > has ruined it.
> >
> > --Jimbo
> >



More information about the tor-talk mailing list