[roy at rant-central.com: Re: [arma at mit.edu: Re: Wikipedia & Tor]]

David Benfell benfell at greybeard95a.com
Thu Sep 29 09:59:44 UTC 2005


On Thu, 29 Sep 2005 00:17:07 -0400, Nick Mathewson wrote:
> 
> I assume that you're not just ignoring everybody else and replying
> only to what Jimmy says, right?  There have been other posts here
> explaining why pseudonymity and Tor are not at odds, so long as
> pseudonymity is user selected.

Pseudonyms are a separate problem from Tor.  As someone posted, Tor
does not prevent people from using pseudonyms.  If pseudonyms will
solve Wikipedia's problem, then fine; a good portion of this argument
has been about Wikipedia's need for authentication.  See my comments
following your footnote.

> Wikipedia has user accounts and IP-based blocking.  That's a kind of
> authentication.  Wikipedia does not require you to use a user account
> to edit pages, and does not do much to ensure that user accounts
> belong to real people.  That's a lack of authentication.
> 
Now why couldn't *he* say that?  The man's involved with an
encyclopedia project; he should be able to write.

The way this particular aspect of our disagreement arose is that I
accused him of wanting Tor to do his authentication for him.  He
claimed that Wikipedia does do its own authentication.  Now you
explain that Wikipedia does not *require* authentication.  Which
undermines the usefulness of offering authentication.

> It's like how Tor blocks some highly-abusable services, like SMTP on
> port 25, but doesn't do content filtering to try to hunt for abusive
> behavior on exiting streams.  We filter out some abuse, but we can't
> filter out all abuse without turning off the network.  An anti-Tor
> rhetorician could say, "You filter abuse, but you don't filter abuse!"
> But what would that prove?

You are attempting to compare Tor's security policy to Wikipedia's
security policy.

Tor has a security policy.  Tor's security policy is to protect
originating IP addresses which might be connected to persons.  We
hope, in combination with Privoxy, it protects anonymity
reasonably well.  On the reasonable (I think) premise that other
sites are primarily responsible for their own security, it only
limits some abuse.

Now, what is Wikipedia's security policy?  With no authentication
requirement, and a policy that allows anyone to edit (unless they're
connecting from a blacklisted IP address), I might as well ask, "What
is truth?"

> {1} This case is more commonly known, in the literature, as
>     pseudonymous communication than anonymous communication.  Then
>     again, if you're going to invoke dictionaries in a technical
>     discussion, anonymity becomes a very broad term.

But Tor is about anonymity.  Not about pseudonymity.  Not about other
forms of authentication.  As it should be.



More information about the tor-talk mailing list